Skip to content

Rotate leaked Trustless Work API key committed in .env.example #318

Description

@grantfox-oss

Problem

app/api/.env.example has what appears to be a real API key committed to the repo (TW_API_KEY=7p9eNvg2VFR6...).

Expected behavior

  • Rotate/revoke the exposed key with Trustless Work.
  • Replace the value in .env.example with a placeholder, e.g. TW_API_KEY=your_api_key_here.
  • Confirm the real key is only ever stored in untracked .env files or secret managers.

Priority

High — this is a credential leak and should be handled before other Trustless Work work lands.

Metadata

Metadata

Assignees

Labels

GrantFox OSSIssue tracked in GrantFox OSSMaybe RewardedIssue may be eligible for a GrantFox rewardOfficial Campaign | FWC26Campaign: Official Campaign | FWC26

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions