RicYaben
commented
8 months ago Hey there! Thanks for the heads-up on this, but this is not a current issue. What you are describing is part of the development pipeline, not a bug or a security issue. I agree that devs should not commit those files, but this is just as simple as not including them in their commits. In addition, we are having discussions to replace these services altogether, so I will have to close this issue and reject the pull request.
While building the Docker-compose configuration for the project, certain sensitive keys and credentials are required. To enhance security and prevent the inadvertent inclusion of confidential information in the version control system, we should add the relevant files or directories to the .gitignore file.