🔴 Multiple Service Credentials Exposed in .env.docker-compose and .env.server
Multiple .env.* files have been committed to this repository containing real credentials:
Exposed Credentials:
- MinIO Root Password:
rootpassword (in .env.docker-compose)
- Redis Password:
thisredispasswordisverysecureandcomplex (in .env.docker-compose and .env.server)
- Qdrant API Key:
qdrant_pass (in .env.server)
- Admin API Key:
admin (in .env.docker-compose)
Files:
.env.docker-compose
.env.server
Recommended Action:
- Immediately rotate all exposed passwords and API keys
- Remove these files from git history using
git filter-branch or git filter-repo
- Add all
.env* files to .gitignore
- Use environment variables or secrets management (e.g., Docker secrets, HashiCorp Vault) instead of committed config files
Discovered via automated GitHub code search as part of vulnerability research.
☕ Buy me a coffee
🔴 Multiple Service Credentials Exposed in .env.docker-compose and .env.server
Multiple
.env.*files have been committed to this repository containing real credentials:Exposed Credentials:
rootpassword(in.env.docker-compose)thisredispasswordisverysecureandcomplex(in.env.docker-composeand.env.server)qdrant_pass(in.env.server)admin(in.env.docker-compose)Files:
.env.docker-compose.env.serverRecommended Action:
git filter-branchorgit filter-repo.env*files to.gitignoreDiscovered via automated GitHub code search as part of vulnerability research.
☕ Buy me a coffee