Handling secrets

Security and GitHub Preparation

Before pushing changes to GitHub or any public repository, ensure all sensitive information is properly secured:

Security Checklist

1. Environment Variables:

   • Never commit .env files containing real API keys or private keys

   • Use .env.example files with placeholder values instead

   • Check that all .env files are properly listed in .gitignore

2. Wallet Data:

   • All wallet files (JSON, keystore, etc.) should be excluded via .gitignore

   • Verify no private keys or mnemonics are hardcoded in any files

3. API Keys:

   • Remove any hardcoded API keys from the codebase

   • Use environment variables or secure key management solutions

4. Test Data:

   • Sanitize test data to remove any sensitive information

   • Use mock data for tests rather than real account information

5. Before Commits:

   • Run git status to check which files will be committed

   • Review changes with git diff to ensure no secrets are included

   • Consider using a pre-commit hook to scan for sensitive information

Handling Secrets

For local development, secrets should be managed securely:

# Copy the example environment file
cp .env.example .env

# Edit the file with your actual credentials
nano .env  # or use any text editor

The .gitignore file is configured to exclude sensitive files including:

• .env files in all directories

• Wallet data in data/wallets/

• Secret keys in data/secrets/

• Any files matching patterns like *wallet*.json, *key*, etc.