All sensitive data (passwords, API keys) moved to .env file.
- .env: Contains actual secrets (NOT in git)
- .env.example: Template for other developers (in git)
- .gitignore: Updated to exclude .env files
services/mockApi.ts now uses environment variables instead of hardcoded passwords.
Before (Insecure):
password: "admin@brocode" // ❌ Hardcoded in code
After (Secure):
password: import.meta.env.VITE_ADMIN_PASSWORD || "changeme" // ✅ From .env

- Copy the example file:
  copy .env.example .env
- Edit .env and add your credentials:
  VITE_ADMIN_PASSWORD=your_password_here
  VITE_USER_PASSWORD=your_password_here
- Never commit .env to git!
  - It's already in .gitignore
  - Only commit .env.example

- services/mockApi.ts is only for local testing
- Production uses Supabase (real database)
- Mock passwords are safe because they're not in production
- Real passwords are in Supabase database
- Supabase handles authentication securely
- No passwords stored in frontend code
- After this fix, GitGuardian warnings will stop
- Old commits may still show warnings (that's okay)
- New commits will be clean
If you have old code with hardcoded passwords:
- Pull latest changes
- Create .env file from .env.example
- Add your passwords to .env
- Restart dev server:
  npm run dev

✅ DO:
- Use environment variables for secrets
- Keep .env in .gitignore
- Share .env.example with team
- Use different passwords for dev/prod

❌ DON'T:
- Commit .env to git
- Share passwords in code
- Use same password everywhere
- Hardcode API keys
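
The checks in the DO/DON'T lists above can be automated. This is an added example, not code from this project: `auditEnvSetup` and its helpers are hypothetical names, and the file contents are constructed samples passed in as strings. It also flags secret-looking `VITE_` names, because Vite exposes `VITE_`-prefixed variables to client code and embeds them in the built bundle.

```javascript
// Added example. File contents are passed in as plain strings; the samples are constructed.

// True when a .gitignore line excludes ".env" (common spellings only, not full gitignore semantics).
function ignoresEnv(gitignoreText) {
  return gitignoreText.split(/\r?\n/).map((l) => l.trim())
    .some((l) => [".env", "/.env", ".env*"].includes(l));
}

// Parse KEY=VALUE lines; blank lines and # comments do not match and are skipped.
function parseEnv(text) {
  const vars = {};
  for (const line of text.split(/\r?\n/)) {
    const m = line.match(/^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/);
    if (m) vars[m[1]] = m[2].trim().replace(/^["']|["']$/g, "");
  }
  return vars;
}

const PLACEHOLDER = /^(|changeme|your_[a-z_]*_here)$/i; // values allowed in .env.example
const SECRET_NAME = /PASSWORD|SECRET|TOKEN|KEY/i;
// A quoted literal assigned directly to a secret-looking property or variable.
const HARDCODED = /(password|secret|api_?key|token)\s*[:=]\s*["'][^"']+["']/gi;

function auditEnvSetup({ gitignore, envExample, source }) {
  const findings = [];
  if (!ignoresEnv(gitignore)) findings.push(".gitignore does not exclude .env");
  for (const [name, value] of Object.entries(parseEnv(envExample))) {
    if (!PLACEHOLDER.test(value)) findings.push(`.env.example: ${name} has a real-looking value`);
    // Vite embeds every VITE_* variable referenced by client code into the build output.
    if (name.startsWith("VITE_") && SECRET_NAME.test(name))
      findings.push(`${name} is exposed to client code by Vite`);
  }
  for (const m of source.matchAll(HARDCODED)) findings.push(`hardcoded literal: ${m[0]}`);
  return findings;
}

// Constructed samples modelled on the before/after lines in this README.
const before = auditEnvSetup({
  gitignore: "node_modules\ndist\n",
  envExample: "VITE_ADMIN_PASSWORD=admin@brocode\n",
  source: 'password: "admin@brocode" // hardcoded',
});
const after = auditEnvSetup({
  gitignore: "node_modules\n.env\n",
  envExample: "# template\nVITE_ADMIN_PASSWORD=your_password_here\nVITE_USER_PASSWORD=\n",
  source: 'password: import.meta.env.VITE_ADMIN_PASSWORD || "changeme"',
});
console.log({ before, after });
```
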
- Passwords moved to environment variables
- .env added to .gitignore
- .env.example created for team
- Mock API updated to use env vars
- Documentation created
Need help? Check .env.example for required variables!