Problem
.gitignore contains only a single entry:
This means:
.env files (containing STELLAR_SECRET_KEY, NETWORK, SOROBAN_RPC_URL) could be accidentally committed
*.env files (e.g., .env.production, .env.testnet) are not ignored
- IDE-specific files (
.idea/, .vscode/, *.swp) are not ignored
*.env.local files are not ignored
Given that this is a payment engine that handles Stellar secret keys, accidentally committing an .env file containing STELLAR_SECRET_KEY=S... would be a critical security incident.
Root Cause
The .gitignore was created with only the Rust standard entry (/target) and never extended. The .env.example file confirms that secret keys are configured via environment variables, but the .gitignore doesn't protect against accidentally committing real values.
Impact
- A developer who creates
.env by copying .env.example and filling in real values could git add . and commit their Stellar secret key
- GitHub's secret scanning may catch it, but the key would need to be rotated immediately
- No protection against committing
*.log files, IDE configs, or test artifacts
Fix
Replace .gitignore with a comprehensive version:
# Rust build artifacts
/target
*.rlib
# Environment files — NEVER commit real secrets
.env
.env.*
!.env.example # Allow .env.example (contains no real secrets)
# IDE and editor files
.idea/
.vscode/
*.swp
*.swo
*~
.DS_Store
# Generated documentation
/docs/target/
# Coverage reports
lcov.info
coverage/
*.profraw
*.profdata
# Key files (additional protection beyond .env)
*.pem
*.key
*.p12
private_key*
secret_key*
# OS files
Thumbs.db
ehthumbs.db
Desktop.ini
# Test artifacts
test-results/
*.test
Also add a pre-commit hook to prevent accidental secret commits:
# .git/hooks/pre-commit (or use cargo-husky)
#!/usr/bin/env bash
# Prevent committing files that might contain secrets
if git diff --cached --name-only | grep -E '\.(env|key|pem)$' | grep -v '.env.example'; then
echo "ERROR: Attempting to commit a potentially sensitive file."
echo "If this is intentional, use: git commit --no-verify"
exit 1
fi
Document in README:
## Security
Never commit real environment variable files. The `.gitignore` excludes all `.env` files except `.env.example`.
If you accidentally commit a secret key:
1. Immediately revoke the key on Stellar (create a new account or rotate signers)
2. Force-push to remove the commit from history: `git filter-branch` or `git-filter-repo`
3. Notify the team via the security disclosure process
Steps to Verify
- Create
.env with STELLAR_SECRET_KEY=S... in repo root
- Run
git status — .env should NOT appear in untracked files
git add .env — should either fail (with hook) or produce a warning
git add .env.example — should succeed (explicitly allowlisted)
grep -r "STELLAR_SECRET_KEY=S" $(git rev-parse --git-dir)/.. — no real keys in tracked files
Problem
.gitignorecontains only a single entry:This means:
.envfiles (containingSTELLAR_SECRET_KEY,NETWORK,SOROBAN_RPC_URL) could be accidentally committed*.envfiles (e.g.,.env.production,.env.testnet) are not ignored.idea/,.vscode/,*.swp) are not ignored*.env.localfiles are not ignoredGiven that this is a payment engine that handles Stellar secret keys, accidentally committing an
.envfile containingSTELLAR_SECRET_KEY=S...would be a critical security incident.Root Cause
The
.gitignorewas created with only the Rust standard entry (/target) and never extended. The.env.examplefile confirms that secret keys are configured via environment variables, but the.gitignoredoesn't protect against accidentally committing real values.Impact
.envby copying.env.exampleand filling in real values couldgit add .and commit their Stellar secret key*.logfiles, IDE configs, or test artifactsFix
Replace
.gitignorewith a comprehensive version:Also add a pre-commit hook to prevent accidental secret commits:
Document in README:
Steps to Verify
.envwithSTELLAR_SECRET_KEY=S...in repo rootgit status—.envshould NOT appear in untracked filesgit add .env— should either fail (with hook) or produce a warninggit add .env.example— should succeed (explicitly allowlisted)grep -r "STELLAR_SECRET_KEY=S" $(git rev-parse --git-dir)/..— no real keys in tracked files