Skip to content

[CE-043] .gitignore doesn't include *.env — staging.env or prod.env files can be committed accidentally #83

Description

@Jaydbrown

Problem

.gitignore contains only a single entry:

/target

This means:

  1. .env files (containing STELLAR_SECRET_KEY, NETWORK, SOROBAN_RPC_URL) could be accidentally committed
  2. *.env files (e.g., .env.production, .env.testnet) are not ignored
  3. IDE-specific files (.idea/, .vscode/, *.swp) are not ignored
  4. *.env.local files are not ignored

Given that this is a payment engine that handles Stellar secret keys, accidentally committing an .env file containing STELLAR_SECRET_KEY=S... would be a critical security incident.

Root Cause

The .gitignore was created with only the Rust standard entry (/target) and never extended. The .env.example file confirms that secret keys are configured via environment variables, but the .gitignore doesn't protect against accidentally committing real values.

Impact

  • A developer who creates .env by copying .env.example and filling in real values could git add . and commit their Stellar secret key
  • GitHub's secret scanning may catch it, but the key would need to be rotated immediately
  • No protection against committing *.log files, IDE configs, or test artifacts

Fix

Replace .gitignore with a comprehensive version:

# Rust build artifacts
/target
*.rlib

# Environment files — NEVER commit real secrets
.env
.env.*
!.env.example    # Allow .env.example (contains no real secrets)

# IDE and editor files
.idea/
.vscode/
*.swp
*.swo
*~
.DS_Store

# Generated documentation
/docs/target/

# Coverage reports
lcov.info
coverage/
*.profraw
*.profdata

# Key files (additional protection beyond .env)
*.pem
*.key
*.p12
private_key*
secret_key*

# OS files
Thumbs.db
ehthumbs.db
Desktop.ini

# Test artifacts
test-results/
*.test

Also add a pre-commit hook to prevent accidental secret commits:

# .git/hooks/pre-commit (or use cargo-husky)
#!/usr/bin/env bash

# Prevent committing files that might contain secrets
if git diff --cached --name-only | grep -E '\.(env|key|pem)$' | grep -v '.env.example'; then
    echo "ERROR: Attempting to commit a potentially sensitive file."
    echo "If this is intentional, use: git commit --no-verify"
    exit 1
fi

Document in README:

## Security

Never commit real environment variable files. The `.gitignore` excludes all `.env` files except `.env.example`.

If you accidentally commit a secret key:
1. Immediately revoke the key on Stellar (create a new account or rotate signers)
2. Force-push to remove the commit from history: `git filter-branch` or `git-filter-repo`
3. Notify the team via the security disclosure process

Steps to Verify

  1. Create .env with STELLAR_SECRET_KEY=S... in repo root
  2. Run git status.env should NOT appear in untracked files
  3. git add .env — should either fail (with hook) or produce a warning
  4. git add .env.example — should succeed (explicitly allowlisted)
  5. grep -r "STELLAR_SECRET_KEY=S" $(git rev-parse --git-dir)/.. — no real keys in tracked files

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingpriority: lowCosmetic, docs, or minor improvements

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions