chore: add security warning to .env.example to prevent secret leaks (…#1829

Open
shankumar7 wants to merge 1 commit into Priyanshu-byte-coder:main from shankumar7:chore/env-security-warning

@shankumar7
Contributor

chore: add security warning to .env.example to prevent secret leaks (fixes #1828)

Summary

Added a strict security warning header to .env.example to ensure contributors do not commit real Supabase keys or GitHub OAuth credentials to version control. This prevents future occurrences of the secret leaks detailed in issue #1828.

Closes #1828


Type of Change

  • Bug fix
  • New feature
  • Documentation update / Security
  • Refactor / code cleanup

Changes Made

  • Added a massive, unmissable security warning to the top of .env.example.
  • Reminded contributors to use .env.local for real credentials.

How to Test

Steps for the reviewer to verify this works:

  1. Open .env.example
  2. Verify the security warning header is highly visible at the top of the file.

Screenshots (if UI change)

N/A


Checklist

  • Linked issue in summary
  • npm run lint passes locally
  • No TypeScript errors (npm run type-check)
  • Self-reviewed the diff
  • Added/updated tests if applicable

Accessibility Checklist

  • Proper keyboard navigation tested
  • Responsive UI verified
  • Accessibility labels added where needed
    (N/A - This PR does not contain UI changes)

Additional Notes

Important for Maintainers: As documented in #1828, although the previously leaked keys were removed from this file in commit 73682c3, they remain visible in the repository's Git history (originating in commit a9a5ae1). An administrator must still manually revoke and rotate the Supabase and GitHub OAuth keys to fully resolve the security incident.
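
An automated complement to the warning header described in this pull request, as an added example that is not part of the PR or the project's code: a lint that flags values in an env template that look like real credentials rather than placeholders. The key names, sample values, placeholder words and entropy threshold are assumptions made for the illustration.

```python
import math
import re
from collections import Counter

# Assumed placeholder markers; adjust to the wording the template really uses.
PLACEHOLDER = re.compile(r"your|example|changeme|placeholder|xxx|<[^>]*>", re.I)
# Three dot-separated base64url segments starting "eyJ" (a JWT-shaped value).
JWT_SHAPE = re.compile(r"^eyJ[\w-]+\.[\w-]+\.[\w-]+$")
LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")

def entropy(s):
    """Shannon entropy of s in bits per character (s must be non-empty)."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def suspicious(value):
    """Return a reason if value looks like a real credential, else None."""
    if JWT_SHAPE.match(value):
        return "JWT-shaped token"
    if not value or PLACEHOLDER.search(value):
        return None
    if len(value) >= 20 and entropy(value) >= 3.5:  # assumed threshold
        return "long high-entropy string"
    return None

def lint_env_template(text):
    """Return (line_no, key, reason) for each template value that looks real."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        m = LINE.match(raw)  # comment and blank lines do not match
        reason = suspicious(m.group(2).strip().strip("'\"")) if m else None
        if reason:
            findings.append((no, m.group(1), reason))
    return findings

# Constructed sample: every key name and value below is made up.
SAMPLE = """\
# WARNING: never put real credentials in this file
SUPABASE_URL=https://your-project.supabase.co
SUPABASE_ANON_KEY=eyJhbGciOiJub25lIn0.eyJyb2xlIjoiZGVtbyJ9.c2lnbmF0dXJl
GITHUB_CLIENT_ID=your_github_client_id
GITHUB_CLIENT_SECRET="0123456789abcdef0123456789abcdef01234567"
PORT=3000
"""

if __name__ == "__main__":
    for finding in lint_env_template(SAMPLE):
        print(finding)
```

A check like this can run in CI or a pre-commit hook against .env.example. It only inspects the current file contents, not earlier commits.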


vercel Bot commented Jun 1, 2026

@shankumar7 is attempting to deploy a commit to the PRIYANSHU DOSHI's projects Team on Vercel.

A member of the Team first needs to authorize it.

github-actions Bot added the gssoc26 (GSSoC 2026 contribution), type:feature (GSSoC type bonus: new feature) and type:security (GSSoC type bonus: security (+20 pts)) labels Jun 1, 2026

github-actions Bot commented Jun 1, 2026

GSSoC Label Checklist 🏷️

@Priyanshu-byte-coder — please apply the appropriate labels before merging:

Difficulty (pick one):

  • level:beginner — 20 pts
  • level:intermediate — 35 pts
  • level:advanced — 55 pts
  • level:critical — 80 pts

Quality (optional):

  • quality:clean — ×1.2 multiplier
  • quality:exceptional — ×1.5 multiplier

Validation (required to score):

  • gssoc:approved — counts for points
  • gssoc:invalid / gssoc:spam / gssoc:ai-slop — does not score

Type labels (type:*) are auto-detected from files and title. Review and adjust if needed.
Points formula: (difficulty × quality_multiplier) + type_bonus


Development

Successfully merging this pull request may close these issues.

[SECURITY/CHORE] Add strict warning to .env.example and rotate previously leaked keys

1 participant