⚠️ Exposed Credentials in .env.staging.example
I found what appears to be real credentials committed in this file. This is a security risk as this repository is public.
Evidence
GOOGLE_RECAPTCHA_KEY=6LdKJrIUAAAAAALighiAy62sGoZjIFEm8Qy5Cdcf;GOOGLE_RECAPTCHA_SECRET=6LdKJrIUAAAAAGikr8rdVLR8UXV4Z8GrxIFNwUB4;
File Location
.env.staging.example
Recommendations
- Immediately rotate all exposed credentials
- Add
.env.* files to .gitignore
- Use environment variables or a secrets manager instead
- Use
git filter-branch or BFG Repo-Cleaner to remove from history
- Consider enabling GitHub secret scanning
If this is a false positive or the credentials are intentional, please close this issue.
🙏 If this report was helpful, consider supporting: buymeacoffee.com/muhamedfazalps
.env.staging.exampleI found what appears to be real credentials committed in this file. This is a security risk as this repository is public.
Evidence
File Location
.env.staging.example
Recommendations
.env.*files to.gitignoregit filter-branchor BFG Repo-Cleaner to remove from historyIf this is a false positive or the credentials are intentional, please close this issue.
🙏 If this report was helpful, consider supporting: buymeacoffee.com/muhamedfazalps