Heads up — found an exposed credential in .env.digitalocean.
The file contains a DigitalOcean environment secret that is committed to this repository's git history and publicly visible.
Rotate this credential now. Revoke it in your DigitalOcean control panel and generate a new one. That is the critical step. Removing the file from HEAD is not enough — the secret is in git history.
After rotating:
- Run `git rm --cached .env.digitalocean` to stop tracking the file.
- Add `.env.digitalocean` to `.gitignore` if it isn't already covered.
- Rewriting history (BFG or git filter-repo) reduces the exposure window but is optional once rotation is done.
Found by https://github.com/molloyzak13/zak-guard, a pre-commit hook that catches this class of leak. Feedback welcome if you try it.
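The cleanup steps above can be verified with a short audit. The script below is an added example, not part of the original post and not zak-guard's code. It reports whether the file is still tracked, whether an ignore rule covers it, and whether any commit still references it. The function names, the `DO_TOKEN` variable and the throwaway demo repository are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit one secrets file in a git repository.
# Prints one tag per finding: TRACKED, NOT_IGNORED, IN_HISTORY.
check_env_file() {
  local repo="$1" path="${2:-.env.digitalocean}" findings=""

  # Still in the index? `git rm --cached` clears this.
  if git -C "$repo" ls-files --error-unmatch -- "$path" >/dev/null 2>&1; then
    findings="$findings TRACKED"
  fi
  # Matched by an ignore rule? --no-index tests the patterns even while
  # the file is still tracked.
  if ! git -C "$repo" check-ignore -q --no-index -- "$path" 2>/dev/null; then
    findings="$findings NOT_IGNORED"
  fi
  # Touched by any commit reachable from any ref? Only a history rewrite
  # clears this, which is why rotating the credential comes first.
  if [ -n "$(git -C "$repo" log --all --format=%h -- "$path" 2>/dev/null)" ]; then
    findings="$findings IN_HISTORY"
  fi
  echo "${findings# }"
}

# Helper for the demo: git with a throwaway identity (constructed values).
run_git() {
  local repo="$1"; shift
  git -C "$repo" -c user.name=demo -c user.email=demo@example.invalid \
      -c commit.gpgsign=false "$@"
}

# Constructed throwaway repo holding a dummy value, audited at each stage.
demo_cleanup_stages() {
  local repo; repo=$(mktemp -d)
  run_git "$repo" init -q
  echo 'DO_TOKEN=constructed-dummy-value' > "$repo/.env.digitalocean"
  run_git "$repo" add .env.digitalocean
  run_git "$repo" commit -q -m "add env file"
  echo "after commit:  $(check_env_file "$repo")"

  run_git "$repo" rm -q --cached .env.digitalocean
  echo '.env.digitalocean' >> "$repo/.gitignore"
  run_git "$repo" add .gitignore
  run_git "$repo" commit -q -m "stop tracking env file"
  echo "after cleanup: $(check_env_file "$repo")"
  rm -rf "$repo"
}

demo_cleanup_stages
```

`IN_HISTORY` remains after the untrack and ignore steps, so the old commits still carry the value until history is rewritten.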