SECURITY: Certificate with private key in repository

FrigadeHQ / remote-storage

remoteStorage is a simple library that combines the localStorage API with a remote server to persist data across sessions, devices, and browsers. It works as a simple key value database store and backend with support for React, Next.js, Vue, Node, or any Javascript stack

https://remote.storage

MIT License

1.21k stars 27 forks source link

SECURITY: Certificate with private key in repository #17

Closed htho closed 7 months ago

htho commented 7 months ago

Hi,

I am not a security expert, but storing private keys in (public) repositories is a huge red flag. Someone might use the certificate to pretend to be the owner of the cert.

If it is a false positive, add a README. Otherwise you need to invalidate the cert, issue a new one and rewrite the repositories history.

christianmat commented 7 months ago

Hey there! These are self-signed certs used for development only to run https/ssl locally. I just updated the docs with this.