BUG: Security vulnerability, .env file committed to repo #71

Open
2 tasks done
yashpandey06 opened this issue Nov 20, 2024 · 9 comments

@yashpandey06

Is there an existing issue for this?

  • I have searched the existing issues

What happened?

The .env file is being pushed to the repo; we should rather use some other means to keep these secrets private, right?

Screenshot 2024-11-20 at 4 12 52 PM

Record

  • I agree to follow this project's Code of Conduct
@yashpandey06
Author

@Pranav0-0Aggarwal can you please help explain the need for this .env file?

@Dhruv-pahuja

I am working on it

Dhruv-pahuja added a commit to Dhruv-pahuja/PictoPy that referenced this issue Nov 21, 2024
fixes AOSSIE-Org#71

What I have done:
Added .env in .gitignore file

This PR will make the env file get removed from the repo online, and in future it will not get pushed back to the repo if any changes are detected by git.

Additional note:
To fully address the issue, the .env file should be removed from the Git history using tools like BFG Repo-Cleaner or git filter-branch. Additionally, any sensitive keys or credentials should be rotated to ensure they are secure.
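
The three states the commit message above touches on (ignored, still tracked, still in history) can be checked separately, because a `.gitignore` rule does not affect a file Git already tracks. This is an added example, not code from the PictoPy repo or from anyone in this thread; the function names and the demo repo contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a secrets file is ignored, tracked, and in history.
# audit_secret_file and make_demo_repo are illustrative names, not project code.

audit_secret_file() {            # usage: audit_secret_file <repo-dir> [path]
    repo=$1
    file=${2:-.env}

    # 1. Does an ignore rule match? --no-index evaluates the rules even for a
    #    path that is already tracked.
    if git -C "$repo" check-ignore -q --no-index -- "$file"; then
        echo "ignored=yes"
    else
        echo "ignored=no"
    fi

    # 2. Is the path still in the index? Ignore rules never untrack a file.
    if git -C "$repo" ls-files --error-unmatch -- "$file" >/dev/null 2>&1; then
        echo "tracked=yes"
    else
        echo "tracked=no"
    fi

    # 3. Commits on any ref that touched the path. Anything above 0 means the
    #    contents stay retrievable until history is rewritten.
    count=$(git -C "$repo" log --all --format=%H -- "$file" | wc -l | tr -d ' ')
    echo "history_commits=$count"
}

# Constructed throwaway repo: commit a .env, then add it to .gitignore.
make_demo_repo() {
    dir=$(mktemp -d)
    git -C "$dir" init -q
    git -C "$dir" config user.email demo@example.invalid
    git -C "$dir" config user.name demo
    printf 'API_KEY=constructed-placeholder\n' > "$dir/.env"
    git -C "$dir" add .env
    git -C "$dir" commit -q -m "add env"
    printf '.env\n' > "$dir/.gitignore"
    git -C "$dir" add .gitignore
    git -C "$dir" commit -q -m "ignore env"
    echo "$dir"
}

# Run the demo only when asked to.
if [ "${1:-}" = "--demo" ]; then
    d=$(make_demo_repo); audit_secret_file "$d"; rm -rf "$d"
fi
```

On the demo repo this reports `ignored=yes`, `tracked=yes`, `history_commits=1`; after `git rm --cached .env` and a commit, `tracked` becomes `no` while the history count rises to 2, which is why the history rewrite and key rotation are separate steps.
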
@yashpandey06
Author

@Dhruv-pahuja please, from next time let's first enquire if the person who has raised the issue is working on it or not... that's how open source works, if I am not wrong!

@yashpandey06
Author

Let's not jump right into solving an issue without consulting the issue master 😔.

@Dhruv-pahuja

Ohh, so sorry @yashpandey06, I will consider this from next time, and I may close this PR if you are working on it.

@yashpandey06
Author

@Dhruv-pahuja please don't close the PR... but let's be active from next time.

@Rajgupta36
Contributor

@yashpandey06, I think the env file only contains default keys that are available to everyone. Also, in the Docker setup, he uses these keys as env variables.

@yashpandey06
Author

yashpandey06 commented Nov 21, 2024

> @yashpandey06, I think the env file only contains default keys that are available to everyone. Also, in the Docker setup, he uses these keys as env variables.

@Rajgupta36 even then it would be good practice to clarify that this env is the example env, somewhat like ".env.example"

@Rajgupta36
Contributor

Rajgupta36 commented Nov 21, 2024

@yashpandey06 yepp, it's good practice. Although I also figured out a few bugs, they are only one or two errors. Should I create a PR for that or include it in a bigger PR?
