If you discover a security vulnerability in this repository, please report it privately.
- Do not open a public issue
- Contact the repository owner directly
- Provide detailed information about the vulnerability
- Allow reasonable time for a fix before public disclosure
- API tokens or keys
- Passwords or credentials
- Private keys
- Personal information
- Database connection strings
The following files are in .gitignore and should never be committed:
.secrets.txt- Contains local credentials- Any file with actual API tokens
- Never commit secrets
- Use environment variables for sensitive data
- Review changes before pushing
- Report accidental commits immediately
- Rotate tokens regularly
- Use minimal required permissions
- Monitor for unusual activity
- Keep credentials in
.secrets.txt(gitignored)
This is a testing repository with no production use. However, we still maintain security best practices to protect credentials and prevent accidental exposure.