Skip to content

Rotate leaked Trustless Work API key committed in .env.example#328

Open
midenotch wants to merge 1 commit into
Kaizenode:mainfrom
midenotch:rotate-leak
Open

Rotate leaked Trustless Work API key committed in .env.example#328
midenotch wants to merge 1 commit into
Kaizenode:mainfrom
midenotch:rotate-leak

Conversation

@midenotch

Copy link
Copy Markdown

Closes #318

📝 Pull Request Title

🛠️ Issue

📖 Description

  1. We confirmed the issue: the file p2p-safe-swap/app/api/.env.example had a real Trustless Work API key committed.
  2. We checked p2p-safe-swap/.gitignore and confirmed that .env, .env.local, and .env*.local are properly ignored.
  3. We replaced the real API key with a placeholder TW_API_KEY=your_api_key_here in .env.example.
  4. We searched the entire repo and found no other files containing the exposed key.
    Now, the next steps for the user would be to:
  • Rotate/revoke the exposed key with Trustless Work.
  • Ensure that the real API key is only stored in untracked .env files or secret managers going forward.

✅ Changes made

🖼️ Media (screenshots/videos)

📜 Additional Notes

@midenotch

Copy link
Copy Markdown
Author

Done, Close: #328

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Rotate leaked Trustless Work API key committed in .env.example Implement dispute opening via POST /escrow/single-release/v2/dispute

1 participant