2 changes: 1 addition & 1 deletion .env
@@ -1 +1 @@
VITE_GROQ_API_KEY=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
VITE_GROQ_API_KEY=YOUR_API_KEY_HERE # Replace with your actual key
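Review bot: On line 1 of .env, overwriting the value with YOUR_API_KEY_HERE keeps .env a tracked file and leaves the previous gsk_ value readable in the parent commit, so the old key has to be revoked and the next contributor is still being asked to type a real key into a committed file. Suggest removing .env from the index in this PR and shipping the placeholder as .env.example instead. Two smaller points on the new line: move "# Replace with your actual key" onto its own line, since not every dotenv parser strips a trailing comment from an unquoted value, and note that the VITE_ prefix makes Vite expose this variable to client-side code through import.meta.env, so any real key set here ends up in the built bundle.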

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash

echo "=== Checking if .env exists and its tracking status ==="
if [ -f .env ]; then
  echo "✓ .env file exists"
  git ls-files | grep -q '^\.env$' && echo "✗ .env IS tracked in git" || echo "✓ .env is NOT tracked in git"
else
  echo "✗ .env file does not exist"
fi

echo -e "\n=== Checking .gitignore for .env patterns ==="
if [ -f .gitignore ]; then
  echo "Contents of .gitignore:"
  cat -n .gitignore
  echo -e "\nSearching for .env patterns:"
  grep -n '\.env' .gitignore || echo "✗ No .env patterns found in .gitignore"
else
  echo "✗ .gitignore file not found"
fi

echo -e "\n=== Checking for .env.example ==="
if [ -f .env.example ]; then
  echo "✓ .env.example exists"
  cat -n .env.example
else
  echo "✗ .env.example does not exist"
fi

echo -e "\n=== Checking git status and history for .env ==="
git status --short | grep -i env || echo "No .env changes in current status"

echo -e "\n=== Git log for .env file ==="
git log --oneline .env 2>/dev/null | head -5 || echo "No git history found for .env (file may not be tracked)"

echo -e "\n=== Checking for other env-related files ==="
fd -t f '\.env' . 2>/dev/null

Repository: ayush585/edgex

Length of output: 661


Critical: Remove .env from version control entirely.

The .env file is currently tracked in git without any .env patterns in .gitignore, violating fundamental security practices. While the exposed API key has been removed from the current file content, the file itself remains tracked in git history where the old key may still be accessible.

Required actions:

  1. Remove .env from git tracking:

    git rm --cached .env
    git commit -m "Stop tracking .env in version control"
    
  2. Add .env to .gitignore:

    .env
    .env.local
    .env.*.local
    
  3. Create .env.example as a safe template:

    VITE_GROQ_API_KEY=your_api_key_here
    
  4. Clean git history to permanently remove the exposed key from all commits (use git filter-repo or bfg-repo-cleaner).

  5. Revoke the exposed API key immediately via Groq dashboard.

This change alone does not fully secure the repository—completing all steps above is necessary.

🧰 Tools
🪛 dotenv-linter (4.0.0)

[warning] 1-1: [EndingBlankLine] No blank line at the end of the file

(EndingBlankLine)


[warning] 1-1: [ValueWithoutQuotes] This value needs to be surrounded in quotes

(ValueWithoutQuotes)

🤖 Prompt for AI Agents
In @.env at line 1, Remove the tracked .env file from version control (stop
tracking .env), add .env, .env.local and .env.*.local to .gitignore, create a
.env.example containing VITE_GROQ_API_KEY=your_api_key_here as the safe
template, purge the secret from git history using a tool like git-filter-repo or
BFG repo cleaner to permanently remove past commits containing the key, and
revoke the exposed API key in the Groq dashboard immediately.
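
A post-remediation check for the steps listed in the comment above, as an added example that is not part of the PR or the review tool's output. The function names are hypothetical, the `gsk_` prefix is taken from the value shown in the diff, and the script assumes `git` is on PATH.

```shell
#!/usr/bin/env bash
# Added example: verify the .env remediation steps against a repository.
# Every function takes a repository path and returns 0 when its check passes.

# Step 1: .env must no longer be in the index.
env_untracked() {
  ! git -C "$1" ls-files --error-unmatch -- .env >/dev/null 2>&1
}

# Step 2: the ignore rules must really match .env. check-ignore evaluates the
# patterns themselves; --no-index keeps a still-tracked file from masking them.
env_ignored() {
  git -C "$1" check-ignore -q --no-index -- .env
}

# Step 4: no commit reachable from any ref may hold a VITE_GROQ_API_KEY line
# in .env whose value starts with gsk_ (optionally quoted).
history_clean() {
  local repo=$1 rev
  for rev in $(git -C "$repo" rev-list --all -- .env); do
    if git -C "$repo" show "$rev:.env" 2>/dev/null |
        grep -Eq '^VITE_GROQ_API_KEY=["'\'']?gsk_'; then
      return 1
    fi
  done
  return 0
}

# Run all three checks and report each failure; non-zero if any check fails.
audit_env() {
  local repo=${1:-.} rc=0
  env_untracked "$repo" || { echo "FAIL: .env is still tracked"; rc=1; }
  env_ignored "$repo"   || { echo "FAIL: .env is not matched by ignore rules"; rc=1; }
  history_clean "$repo" || { echo "FAIL: key-like value still in history"; rc=1; }
  return $rc
}
```

`history_clean` only walks commits reachable from local refs, so a pass does not cover forks, cached pull request refs on the host, or clones made before the rewrite; revoking the key (step 5) is what closes those.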