Security Notes

Urgent actions

Rotate any credentials that were previously committed (One.com SFTP, other keys).

Environment variables

Use the provided .env.sample and never commit a populated .env.
Required vars used by One.com helpers: ONE_SFTP_HOST, ONE_SFTP_USER, ONE_SFTP_PASSWORD, ONE_SFTP_PORT, ONE_SFTP_REMOTE_ROOT, ONE_LOCAL_UPLOAD_PATH.

Quick secret-scan

Install gitleaks and run:

gitleaks detect --source . --report-path gitleaks-report.json
Fallback grep (no gitleaks):

git grep -n -I -E "password|passwd|secret|api[_-]?key|private_key|ssh-|BEGIN RSA PRIVATE KEY"

Removing secrets from history

Rotate credentials immediately. If secrets are found in commit history, use git-filter-repo or the BFG Repo-Cleaner to purge them, then rotate again.

Prevention

Add a pre-commit or CI secret-scan (gitleaks) to block commits with secrets.

CI / pre-commit

A GitHub Actions workflow /.github/workflows/secret-scan.yml runs gitleaks on pushes and PRs and will fail checks if leaks are found.
A .pre-commit-config.yaml using detect-secrets is included; install pre-commit locally and run pre-commit install to enable local checks.

Example local setup:

pip install pre-commit detect-secrets
pre-commit install
pre-commit run --all-files

Contact

If you want, I can run the repo scan now and produce a findings report.

Name		Name	Last commit message	Last commit date
Latest commit History 249 Commits
.github		.github
.vscode		.vscode
agent		agent
alembic		alembic
app		app
deploy		deploy
docs		docs
merchant-dashboard		merchant-dashboard
migrations		migrations
scripts		scripts
terraform		terraform
tests		tests
webshop		webshop
webshop_for_upload		webshop_for_upload
webshop_plugins		webshop_plugins
.env.example		.env.example
.env.prod		.env.prod
.env.sample		.env.sample
.gitignore		.gitignore
.pre-commit-config.yaml		.pre-commit-config.yaml
.vercelignore		.vercelignore
AI_CHAT_WIDGET_CODE.html		AI_CHAT_WIDGET_CODE.html
API_DOCUMENTATION.md		API_DOCUMENTATION.md
CODE_BACKUP_2026-02-13.txt		CODE_BACKUP_2026-02-13.txt
COINBASE_COMMERCE_SETUP.md		COINBASE_COMMERCE_SETUP.md
COINBASE_DEPLOYMENT_SUMMARY.md		COINBASE_DEPLOYMENT_SUMMARY.md
CONTACT_FORM_DEPLOYMENT_CHECKLIST.md		CONTACT_FORM_DEPLOYMENT_CHECKLIST.md
CONTACT_FORM_GUIDE.md		CONTACT_FORM_GUIDE.md
CONTACT_FORM_QUICK_START.md		CONTACT_FORM_QUICK_START.md
CONTACT_FORM_SUMMARY.md		CONTACT_FORM_SUMMARY.md
DELIVERY_SUMMARY.md		DELIVERY_SUMMARY.md
DEPLOYMENT_COMPLETE.md		DEPLOYMENT_COMPLETE.md
DEPLOYMENT_STATUS.md		DEPLOYMENT_STATUS.md
DEPLOY_IN_36_MINUTES.md		DEPLOY_IN_36_MINUTES.md
Dockerfile.prod		Dockerfile.prod
Dockerfile.txt		Dockerfile.txt
FINAL_STEP.md		FINAL_STEP.md
FTP_UPLOAD_QUICK_START.md		FTP_UPLOAD_QUICK_START.md
INDEX.md		INDEX.md
INVOICE_EDITING_COMPLETE.md		INVOICE_EDITING_COMPLETE.md
NEXT_STEPS.md		NEXT_STEPS.md
ONE_COM_UPLOAD_STEPS.md		ONE_COM_UPLOAD_STEPS.md
PHASE1_COMPLETE.md		PHASE1_COMPLETE.md
PHASE1_EXECUTIVE_SUMMARY.md		PHASE1_EXECUTIVE_SUMMARY.md
PHASE1_IMPLEMENTATION_PLAN.md		PHASE1_IMPLEMENTATION_PLAN.md
PHASE1_PROGRESS.md		PHASE1_PROGRESS.md
PHASE1_READY.md		PHASE1_READY.md
PHASE2_ARCHITECTURE.md		PHASE2_ARCHITECTURE.md
PHASE2_CHECKLIST.md		PHASE2_CHECKLIST.md
PHASE2_CODE_REFERENCE.md		PHASE2_CODE_REFERENCE.md
PHASE2_IMPLEMENTATION_COMPLETE.md		PHASE2_IMPLEMENTATION_COMPLETE.md
PHASE2_PAYMENT_REALITY.md		PHASE2_PAYMENT_REALITY.md
PHASE2_QUICK_REFERENCE.md		PHASE2_QUICK_REFERENCE.md
PHASE2_SUMMARY.md		PHASE2_SUMMARY.md
PROJECT_COMPLETION_SUMMARY.md		PROJECT_COMPLETION_SUMMARY.md
QUICKSTART.md		QUICKSTART.md
QUICKSTART_COMPLETE.md		QUICKSTART_COMPLETE.md
README_CLICK_ME_FIRST.md		README_CLICK_ME_FIRST.md
README_DEPLOY.md		README_DEPLOY.md
SECURITY.md		SECURITY.md
SECURITY_CLEANUP.md		SECURITY_CLEANUP.md
SFTP_UPLOAD_GUIDE.md		SFTP_UPLOAD_GUIDE.md
START_HERE.md		START_HERE.md
START_UPLOAD.bat		START_UPLOAD.bat
TESTING_CHECKLIST.md		TESTING_CHECKLIST.md
UPLOAD_NOW.bat		UPLOAD_NOW.bat
UPLOAD_SIMPLE.bat		UPLOAD_SIMPLE.bat
UPLOAD_VIA_SFTP.bat		UPLOAD_VIA_SFTP.bat
UPLOAD_WINSCP_PORTABLE.bat		UPLOAD_WINSCP_PORTABLE.bat
VISUAL_GUIDE.md		VISUAL_GUIDE.md
WinSCP-Setup.exe		WinSCP-Setup.exe
agent.py		agent.py
alembic.ini		alembic.ini
api_keys.json		api_keys.json
apiblockchain_webshop_ready_to_upload.zip		apiblockchain_webshop_ready_to_upload.zip
audit.log		audit.log
auth.py		auth.py
check_files.py		check_files.py
check_htaccess.py		check_htaccess.py
check_onecom.py		check_onecom.py
check_server_files.py		check_server_files.py
current_index.html		current_index.html
db.py		db.py
db_sqlite.py		db_sqlite.py
demo_merchant_journey.py		demo_merchant_journey.py
deploy_as_home.py		deploy_as_home.py
deploy_full_site.py		deploy_full_site.py
deploy_to_onecom.py		deploy_to_onecom.py
deploy_to_vercel.bat		deploy_to_vercel.bat
detect-secrets-report.json		detect-secrets-report.json
detect-secrets-report.txt		detect-secrets-report.txt
docker-compose.prod.yml		docker-compose.prod.yml
docker-compose.yml		docker-compose.yml
download_server_file.py		download_server_file.py
entrypoint.ps1		entrypoint.ps1
entrypoint.sh		entrypoint.sh
find_contacts.py		find_contacts.py
force_override_onecom_builder.py		force_override_onecom_builder.py
force_upload.py		force_upload.py
invoices.json		invoices.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Security Notes

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

Security Notes

About

Security policy

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages