Skip to content

SECURITY_CHECKLIST.md

Latest commit

Β 

History

History
76 lines (58 loc) Β· 1.62 KB

SECURITY_CHECKLIST.md

File metadata and controls

76 lines (58 loc) Β· 1.62 KB

Security Checklist

⚠️ CRITICAL: Environment File Security

Files Containing Sensitive Data

The following files contain API keys, secrets, and credentials:

.env
.env.prod
scripts/proxy-client/.env
atlantic-dashboard/.env.local

βœ… Verification Steps

  1. Check git status:
git status --ignored
  1. Verify .env files are ignored:
git check-ignore .env .env.prod scripts/proxy-client/.env
  1. Remove from git history if committed:
git rm --cached .env .env.prod scripts/proxy-client/.env
git commit -m "Remove sensitive environment files"

πŸ” Best Practices

  • βœ… Use .env.example templates (committed)
  • βœ… Use .env.local for actual secrets (gitignored)
  • ❌ Never commit actual API keys
  • βœ… Rotate keys if accidentally committed
  • βœ… Use environment-specific files (.env.development, .env.production)

🚨 If Credentials Were Exposed

  1. Immediately rotate all keys:

    • Paystack API keys
    • Oxylabs credentials
    • JWT secrets
    • Database passwords

  2. Remove from git history:

git filter-branch --force --index-filter \
  "git rm --cached --ignore-unmatch .env .env.prod" \
  --prune-empty --tag-name-filter cat -- --all
  1. Force push (if safe):
git push origin --force --all

πŸ“‹ Required Environment Variables

Backend (scripts/proxy-client/.env):

  • PAYSTACK_SECRET_KEY
  • PAYSTACK_PUBLIC_KEY
  • JWT_SECRET
  • OXYLABS_USERNAME (if using Oxylabs)
  • OXYLABS_PASSWORD

Dashboard (atlantic-dashboard/.env.local):

  • NEXT_PUBLIC_API_URL
  • NEXT_PUBLIC_PAYSTACK_PUBLIC_KEY

Last Updated: January 2026