2 changes: 1 addition & 1 deletion .env
@@ -1 +1 @@
VITE_GROQ_API_KEY=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
VITE_GROQ_API_KEY=YOUR_API_KEY_HERE # Replace with your actual key
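Review bot: The replacement line keeps the `VITE_` prefix on `VITE_GROQ_API_KEY`, and Vite exposes `VITE_`-prefixed variables to client code through `import.meta.env`, so any real key later put in place of `YOUR_API_KEY_HERE` becomes readable in the built bundle. Consider calling the Groq API from a server-side component that reads the key from an unprefixed variable. Separately, the value on the removed line stays readable in this diff and in history, so it should be treated as compromised regardless of this change.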
⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Verify security remediation completeness

echo "=== Checking .gitignore for .env patterns ==="
if [ -f .gitignore ]; then
  rg -n '\.env' .gitignore || echo "❌ No .env patterns found in .gitignore"
else
  echo "❌ .gitignore file not found"
fi

echo -e "\n=== Checking for .env.example ==="
if [ -f .env.example ]; then
  echo "✓ .env.example exists"
  cat .env.example
else
  echo "❌ .env.example not found"
fi

echo -e "\n=== Checking if .env is still tracked ==="
git ls-files | rg '^\.env$' && echo "❌ .env is still tracked in git" || echo "✓ .env is not tracked"

echo -e "\n=== Checking git status ==="
git status --short .env 2>/dev/null || echo "Cannot check git status for .env"

echo -e "\n=== Checking recent git commits ==="
git log --oneline -n 10 -- .env 2>/dev/null || echo "No recent commits found for .env"

Repository: ayush585/edgex

Length of output: 398


Remove .env from version control entirely—the file should never be tracked in git.

The PR only replaces the exposed key with a placeholder, which is insufficient. Verification confirms three critical issues remain unaddressed:

  1. .env is still tracked in git — developers will replace the placeholder with actual keys and risk committing them again.
  2. .gitignore has no .env exclusion — future commits of .env are not prevented.
  3. .env.example was not created — no template exists for developers to configure their environment.

Required actions:

  1. Remove .env from tracking: git rm .env
  2. Create .env.example with placeholders for documentation
  3. Update .gitignore to include .env and .env.* (except .env.example)
  4. Clean git history to remove the exposed key: use git filter-branch or bfg --delete-files .env
  5. Revoke the exposed key at the GROQ API dashboard
🧰 Tools
🪛 dotenv-linter (4.0.0)

[warning] 1-1: [EndingBlankLine] No blank line at the end of the file

(EndingBlankLine)


[warning] 1-1: [ValueWithoutQuotes] This value needs to be surrounded in quotes

(ValueWithoutQuotes)

🤖 Prompt for AI Agents
In @.env at line 1, The .env file is still tracked and exposes a secret; stop
tracking it, add a template, and prevent future commits: remove the .env file
from git tracking (use git to untrack/delete it from the index and commit that
change), add a .env.example file containing the same keys as .env but with
placeholder values, update .gitignore to include .env and .env.* while keeping
.env.example allowed, purge the sensitive .env from repository history using a
history-rewrite tool (e.g., filter-branch or BFG), and ensure the exposed GROQ
API key is revoked in the GROQ dashboard; locate and update the files named
.env, .env.example, and .gitignore in the repo root.
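
Steps 1 to 3 of the required actions above, as an added example that is not part of the original review comment or the repository. The function names are hypothetical, and the use of `git rm --cached` assumes the developer's local `.env` should stay on disk.

```bash
#!/usr/bin/env bash
# Added example: steps 1-3 of the review comment, applied to a git work tree.
# History rewrite (step 4) and key revocation (step 5) are out of scope here.

# untrack_env REPO_DIR (hypothetical helper name)
# Stops tracking .env but keeps the local file, writes .env.example with the
# values blanked, and adds ignore rules. Fails if REPO_DIR is not a work tree.
untrack_env() {
  local repo="$1" gi="$1/.gitignore" rule
  git -C "$repo" rev-parse --is-inside-work-tree >/dev/null 2>&1 || return 1

  # Template: keep key names and comment lines, drop every value.
  if [ -f "$repo/.env" ] && [ ! -f "$repo/.env.example" ]; then
    sed -E 's/^([A-Za-z_][A-Za-z0-9_]*)=.*/\1=/' "$repo/.env" > "$repo/.env.example"
  fi

  # Make sure appended rules start on their own line.
  if [ -s "$gi" ] && [ -n "$(tail -c1 "$gi")" ]; then echo >> "$gi"; fi
  # Ignore .env and its variants; the negation must come last so that the
  # template stays committable.
  for rule in '.env' '.env.*' '!.env.example'; do
    grep -qxF -- "$rule" "$gi" 2>/dev/null || printf '%s\n' "$rule" >> "$gi"
  done

  # --cached drops .env from the index only; the file on disk is untouched.
  git -C "$repo" rm --cached --quiet --ignore-unmatch -- .env || return 1
  [ ! -f "$repo/.env.example" ] || git -C "$repo" add -- .env.example || return 1
  git -C "$repo" add -- .gitignore
}

# env_hygiene_ok REPO_DIR (hypothetical helper name)
# Succeeds only when .env is untracked and ignored, and .env.example is staged
# or tracked (git add would have refused it if an ignore rule still matched).
env_hygiene_ok() {
  local repo="$1"
  [ -z "$(git -C "$repo" ls-files -- .env)" ] || return 1
  git -C "$repo" check-ignore -q .env || return 1
  [ -n "$(git -C "$repo" ls-files -- .env.example)" ]
}
```

The changes are staged, not committed, so they can be reviewed with `git status` before committing.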