Closed Harsha9554 closed 11 months ago
I would be happy to help resolve this issue. Could the moderators please assign this issue to me? @Jaideep-C
Hi @Harsha9554, I'm assigning you to this task. Please review the docs in case you are uncertain about how to approach the issue. Also, be aware that we are using Next13 in this project.
@breathecode6365 @SaiSantoshPradyumna please revoke the keys for both discord & youtube.
This issue is closed by @Harsha9554 via #69
I noticed that there are several sensitive keys exposed in your repository, specifically your YouTube channel ID key, API key, and Discord client key. This is a significant security risk, as malicious users could potentially misuse these keys.
Additionally, I observed that your .env file is also exposed with keys, and there is no .env.example file in the repository.
Here are some recommended steps to resolve these issues:
Remove the exposed keys: You should immediately remove the exposed keys from your repository. This includes the YouTube channel ID key, API key, and Discord client key.
Regenerate your keys: After removing the exposed keys, you should regenerate them to ensure that any copies of the old keys are rendered useless.
Use environment variables: Instead of hardcoding your keys into your code, you should use environment variables to store them. This allows you to keep your keys secret and separate from your code.
Add a .env.example file: To make it easier for others to understand what environment variables are needed, you can add a .env.example file to your repository. This file should outline all the necessary environment variables without exposing any actual keys.
Remove the .env file from the repository: Your .env file should not be included in the repository. You can add .env to your .gitignore file to ensure it is not accidentally committed.
Please consider making these changes to improve the security of your project.
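The steps listed in the issue can be checked mechanically. The following is an added example, not part of the issue or of the project's code: it derives a value-free .env.example from a .env, checks that .gitignore covers .env, and reports required variables that are unset. The variable names and values are constructed placeholders, and the .gitignore matching is a simplified assumption (exact patterns only).

```javascript
// Constructed sample .env content; names and values are placeholders, not real keys.
const SAMPLE_ENV = [
  "# YouTube",
  "YOUTUBE_API_KEY=constructed-not-a-real-key",
  "YOUTUBE_CHANNEL_ID=constructed-channel-id",
  'export DISCORD_CLIENT_ID = "constructed-client-id"',
  "",
].join("\n");

// Matches `NAME=`, allowing an `export ` prefix and spaces around `=`.
const ASSIGNMENT = /^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=/;

// Build .env.example text: keep variable names, drop every value.
function toEnvExample(envText) {
  return envText
    .split(/\r?\n/)
    .map((line) => {
      const m = ASSIGNMENT.exec(line);
      if (m) return `${m[1]}=`;
      const t = line.trim();
      // Keep blank lines and plain comments. Drop commented-out assignments
      // and continuation lines of multi-line values so no fragment leaks.
      return t === "" || (t.startsWith("#") && !t.includes("=")) ? line : null;
    })
    .filter((line) => line !== null)
    .join("\n");
}

// Simplified check: true when the last matching .gitignore pattern ignores a root .env.
const ENV_PATTERNS = new Set([".env", "/.env", ".env*", "/.env*"]);
function ignoresEnv(gitignoreText) {
  let ignored = false;
  for (const raw of gitignoreText.split(/\r?\n/)) {
    const line = raw.trim();
    if (ENV_PATTERNS.has(line)) ignored = true;
    else if (line.startsWith("!") && ENV_PATTERNS.has(line.slice(1))) ignored = false;
  }
  return ignored;
}

// Names listed in .env.example that are unset or empty in `env` (e.g. process.env).
function missingVars(exampleText, env) {
  return exampleText
    .split(/\r?\n/)
    .map((line) => ASSIGNMENT.exec(line))
    .filter((m) => m && !env[m[1]])
    .map((m) => m[1]);
}
```

Adding .env to .gitignore does not untrack a file that is already committed, and the old values stay in the repository history, which is why the keys still have to be regenerated.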