
Handling secrets

Security and GitHub Preparation

Before pushing changes to GitHub or any public repository, ensure all sensitive information is properly secured:

Security Checklist

  1. Environment Variables:

    • Never commit .env files containing real API keys or private keys

    • Use .env.example files with placeholder values instead

    • Check that all .env files are properly listed in .gitignore

  2. Wallet Data:

    • All wallet files (JSON, keystore, etc.) should be excluded via .gitignore

    • Verify no private keys or mnemonics are hardcoded in any files

  3. API Keys:

    • Remove any hardcoded API keys from the codebase

    • Use environment variables or secure key management solutions

  4. Test Data:

    • Sanitize test data to remove any sensitive information

    • Use mock data for tests rather than real account information

  5. Before Commits:

    • Run git status to check which files will be committed

    • Review changes with git diff to ensure no secrets are included

    • Consider using a pre-commit hook to scan for sensitive information

Handling Secrets

For local development, keep real credentials in a local .env file created from the example file:

# Copy the example environment file
cp .env.example .env

# Edit the file with your actual credentials
nano .env  # or use any text editor

The .gitignore file is configured to exclude sensitive files including:

  • .env files in all directories

  • Wallet data in data/wallets/

  • Secret keys in data/secrets/

  • Any files matching patterns like *wallet*.json, *key*, etc.
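
The pre-commit hook suggested in the checklist could look like the following. This is an added example, not code from the project: the path rules mirror the .gitignore list above, while the function names and the content regexes are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: save as .git/hooks/pre-commit and make it executable.
# Path rules mirror this page's .gitignore list; content regexes are assumptions.

# True when a staged path is one the .gitignore is supposed to keep out.
is_sensitive_path() {
    base=${1##*/}
    case "$base" in
        .env.example) return 1 ;;                     # placeholder file is fine
        .env|.env.*|*wallet*.json|*key*) return 0 ;;
    esac
    case "$1" in
        data/wallets/*|data/secrets/*) return 0 ;;
    esac
    return 1
}

# Reads lines on stdin, prints the ones that look like real credentials.
# Exit status 0 means at least one such line was found.
find_secrets() {
    q="[\"']?"   # optional quote character
    grep -Ei \
        -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' \
        -e '(^|[^0-9a-f])(0x)?[0-9a-f]{64}([^0-9a-f]|$)' \
        -e "(api_?key|secret|private_?key|token)[a-z_]*${q} *[:=] *${q}[a-z0-9+/_-]{16,}" \
        -e "mnemonic[a-z_]*${q} *[:=] *${q}([a-z]+ ){11,}[a-z]+" |
    grep -Eiv 'your[_-]|changeme|placeholder|<[^>]*>'   # drop obvious placeholders
}

# Checks every added, copied or modified file in the index.
check_staged() {
    bad=$(git diff --cached --name-only --diff-filter=ACM | while IFS= read -r f; do
        if is_sensitive_path "$f"; then
            echo "sensitive path staged: $f"
        elif git diff --cached -U0 -- "$f" | sed -n '/^+++ /d; s/^+//p' |
             find_secrets >/dev/null; then
            echo "possible secret in: $f"   # the matching line is never echoed
        fi
    done)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad" >&2
    return 1
}

# Run only when installed as the hook, so the functions can be sourced elsewhere.
if [ "${0##*/}" = "pre-commit" ]; then
    check_staged || { echo "Commit blocked; unstage or clean the files above." >&2; exit 1; }
fi
```

The 64-hex rule also matches SHA-256 checksums, so lock files may need an allowlist, and `*key*` is as broad here as it is in the .gitignore list. A hook runs only on the machine where it is installed and is skipped by `git commit --no-verify`, so it backs up .gitignore rather than replacing it.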
