I Leaked API Keys Through My .env File — Here's What I Learned About Secret Management Last...
I Leaked API Keys Through My .env File — Here's What I Learned About Secret Management
Last month, I pushed a commit that included a .env.production file.
Not a .env.example. Not a redacted template. The actual file with real API keys, database credentials, and webhook secrets.
It was in the repo for exactly 4 minutes before I realized what I'd done.
Those 4 minutes were the longest of my developer career.
We’ve all been there. You have a dozen side projects, and your API keys, database connection strings,...
A practical guide to detecting leaked credentials before they hit GitHub, scrubbing them from git history when they do, and…
You've locked down your AWS credentials. You've got secret scanning on your repos. You rotate your...
Here's a hard truth I learnt after watching a production database get wiped by a leaked .env file:...
The Problem We Were Actually Solving We needed a staging environment that could tolerate...
A new study reveals how AI coding assistants like Claude Code are quietly hoarding and publishing sensitive API keys to code…
