This repository is a public portfolio application and must not contain real credentials, private keys, database dumps or internal infrastructure details.
Security fixes are applied to main.
- Keep
.env,mysecrets.yml, private keys and database dumps out of Git. - Use
.env.exampleandmysecrets.yml.exampleonly with placeholder values. - Rotate any credential that was ever committed before publishing.
- Do not publish logs containing user data, tokens, IPs from private networks or production hostnames.
Open a private report or contact the maintainer before publishing details about credential exposure or security vulnerabilities.