Natixar / natixar-frontend

The static front end of the Natixar SaaS platform

Publicly Accessible Secret #1

Closed by lepeuvedic-natixar 7 months ago

lepeuvedic-natixar commented 8 months ago

https://github.com/Natixar/natixar-frontend/blob/c5f291f00e40eae8722b050060fa8bea03484a66/react-app/.env#L12

https://github.com/Natixar/natixar-frontend/blob/c5f291f00e40eae8722b050060fa8bea03484a66/react-app/.env#L14

These secrets have been added as repository secrets with the exact same name, and that will normally prevent further check-in of .env. The content of the .env file has been added as secrets in render.com.

You should revoke these secrets ASAP, since they've been compromised, and generate new ones. In the future, .env should not be stored in a publicly accessible repository, and the names of the variables will be recognized by the secret scanner and will block further attempts (including with updated secrets).

lepeuvedic-natixar commented 7 months ago

File .env removed from code base. Replaced by .env.example which does not contain real credentials.
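
A check that fits the fix described in this thread, as an added example that is not part of the original issue or the Natixar code base: it parses a dotenv file such as `.env.example` and reports entries whose values look like real credentials rather than placeholders. The variable names and values in the samples are constructed, and the placeholder spellings, name patterns and entropy thresholds are assumptions.

```python
import math
import re

# Constructed samples; variable names and values are not from the repository.
SAMPLE_EXAMPLE = """\
REACT_APP_API_URL=https://api.example.com
REACT_APP_CLIENT_SECRET=<your-client-secret>
"""
SAMPLE_LEAKY = """\
REACT_APP_CLIENT_SECRET=q7Zp2LxV9aTf4KmW8sRb1YcN
REACT_APP_TRACKING_ID=8f3a9c1e7b2d4f6a0c5e9b1d3f7a2c4e
"""

# Assumed conventions: placeholder spellings and credential-like variable names.
PLACEHOLDER = re.compile(r"^(|changeme|example|placeholder|your[-_].*|<.*>|x+)$", re.I)
SENSITIVE_NAME = re.compile(r"SECRET|TOKEN|PASSWORD|API_?KEY|PRIVATE", re.I)
HEX = re.compile(r"^[0-9a-fA-F]+$")
B64 = re.compile(r"^[A-Za-z0-9+/=_-]+$")

def parse_dotenv(text):
    """Return {name: value} for KEY=VALUE lines, ignoring comments and blanks."""
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = re.sub(r"^export\s+", "", line).split("=", 1)
        pairs[key.strip()] = value.strip().strip("\"'")  # drop surrounding quotes
    return pairs

def shannon_entropy(value):
    """Bits per character; random tokens score high, words score low."""
    probs = [value.count(c) / len(value) for c in set(value)]
    return -sum(p * math.log2(p) for p in probs)

def looks_random(value, min_len=20):
    """Entropy test only on strings made purely of hex or base64 characters."""
    if len(value) < min_len:
        return False
    threshold = 3.0 if HEX.match(value) else 4.0
    return bool(B64.match(value)) and shannon_entropy(value) >= threshold

def suspicious_entries(text):
    """Names in a dotenv file whose values look like real credentials."""
    return sorted(
        name for name, value in parse_dotenv(text).items()
        if not PLACEHOLDER.match(value)
        and (SENSITIVE_NAME.search(name) or looks_random(value))
    )
```

Run `suspicious_entries` over the text of `.env.example` in CI and fail the build when the returned list is non-empty.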