# Security and GitHub Preparation

<figure><img src="https://1522519231-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FST0HkXZPgoaIsa818gsK%2Fuploads%2Fxvo3VgvuAgVlBz6wUrP4%2Fbanner%20-%202025-03-27T121508.169.png?alt=media&#x26;token=8b0e2474-c5fe-4ce9-99c2-e9f99a3751d0" alt=""><figcaption></figcaption></figure>

Before pushing changes to GitHub, ensure all sensitive information is secured:Security Checklist

* Environment Variables:
  * Never commit .env files with real API keys or private keys.
  * Use .env.example with placeholder values.
  * Verify .env files are in .gitignore.
* Wallet Data:
  * Exclude wallet files (e.g., JSON, keystore) via .gitignore.
  * Ensure no private keys or mnemonics are hardcoded.
* API Keys:
  * Remove hardcoded API keys from the codebase.
  * Use environment variables for secure key management.
* Test Data:
  * Sanitize test data to remove sensitive information.
  * Use mock data for testing.
* Before Commits:
  * Run git status to check for sensitive files.
  * Review changes with git diff to ensure no secrets are included.
  * Consider using a pre-commit hook to scan for sensitive information.

Handling SecretsFor local development, manage secrets securely:bash

```bash
# Copy the example environment file
cp .env.example .env

# Edit with your credentials
nano .env
```

The .gitignore file excludes sensitive files like:

* .env files
* Wallet data in data/wallets/
* Secret keys in data/secrets/