Security and GitHub Preparation

Before pushing changes to GitHub, ensure all sensitive information is secured.

Security Checklist

  • Environment Variables:

    • Never commit .env files with real API keys or private keys.

    • Use .env.example with placeholder values.

    • Verify .env files are in .gitignore.

  • Wallet Data:

    • Exclude wallet files (e.g., JSON, keystore) via .gitignore.

    • Ensure no private keys or mnemonics are hardcoded.

  • API Keys:

    • Remove hardcoded API keys from the codebase.

    • Use environment variables for secure key management.

  • Test Data:

    • Sanitize test data to remove sensitive information.

    • Use mock data for testing.

  • Before Commits:

    • Run git status to check for sensitive files.

    • Review changes with git diff to ensure no secrets are included.

    • Consider using a pre-commit hook to scan for sensitive information.

Handling Secrets

For local development, manage secrets securely:

# Copy the example environment file
cp .env.example .env

# Edit with your credentials
nano .env

The .gitignore file excludes sensitive files like:

  • .env files

  • Wallet data in data/wallets/

  • Secret keys in data/secrets/
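One way to implement the pre-commit scan suggested in the checklist, covering the paths the .gitignore list names. This is an added example, not code from this project; the regex patterns and the keystore filename match are assumptions to tune.

```shell
#!/bin/sh
# Added example (not project code): pre-commit secret scan.
# Install as .git/hooks/pre-commit and mark it executable.

# Succeeds when a staged path is one the checklist says must never be committed.
is_blocked_path() {
    case "$1" in
        .env.example|*/.env.example) return 1 ;;   # placeholder template is allowed
        .env|*/.env|.env.*|*/.env.*) return 0 ;;
        data/wallets/*|data/secrets/*) return 0 ;;
        *keystore*) return 0 ;;                    # assumed keystore naming
    esac
    return 1
}

# Succeeds when stdin contains something shaped like a secret.
# Patterns are assumptions for illustration: PEM private key header,
# 64-hex-digit key, key/secret assignment with a long literal, 12-word mnemonic.
has_secret() {
    grep -Eiq \
        -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' \
        -e '(^|[^0-9a-f])(0x)?[0-9a-f]{64}([^0-9a-f]|$)' \
        -e '(api_?key|secret|private_?key)[a-z_]*[[:space:]]*[:=][[:space:]]*["'\'']?[a-z0-9/+_-]{16,}' \
        -e 'mnemonic[a-z_]*[[:space:]]*[:=][[:space:]]*["'\'']?([a-z]+[[:space:]]+){11}[a-z]+'
}

# Check every added/copied/modified file in the index; non-zero blocks the commit.
scan_staged() {
    git diff --cached --name-only --diff-filter=ACM | (
        status=0
        while IFS= read -r f; do
            case "$f" in .env.example|*/.env.example) continue ;; esac
            if is_blocked_path "$f"; then
                echo "pre-commit: blocked path staged: $f" >&2; status=1
            elif git show ":$f" | has_secret; then   # scans the staged content
                echo "pre-commit: possible secret in: $f" >&2; status=1
            fi
        done
        exit "$status"
    )
}

# Run the scan only when invoked as the hook, so the functions can be sourced.
case "$0" in *pre-commit) scan_staged || exit 1 ;; esac
```

The 64-hex pattern also matches SHA-256 checksums, so lockfiles or similar may need an allowlist entry.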
