[Security Notice] Exposed API Credentials Detected
Hello! This is a responsible disclosure notification.
An automated scanner found what appears to be an exposed Google API API key committed to this repository.
This notification was sent to help you, before someone with bad intentions finds and uses your credentials.
API keys exposed in public repositories are actively targeted by malicious actors.
What you should do RIGHT NOW
- Revoke the exposed key immediately at the provider's dashboard:
- Generate a new key to replace it
- Remove the key from git history (removing the file is not enough):
# Install git-filter-repo first: pip install git-filter-repo
git filter-repo --path <file-with-key> --invert-paths
git push --force
- Store keys safely going forward — use a
.env file and add it to .gitignore:
echo '.env' >> .gitignore
- Prevent future leaks with gitleaks pre-commit hooks
Why removing the file is not enough
Git stores the full history. Even after you delete or edit the file,
the old commit with the key is still accessible via git log.
You must rewrite history or consider the key permanently compromised.
This is an automated responsible disclosure notification.
No credential values were stored by this scanner.
If this is a false positive, please close this issue.
Stay safe!
[Security Notice] Exposed API Credentials Detected
Hello! This is a responsible disclosure notification.
An automated scanner found what appears to be an exposed Google API API key committed to this repository.
What you should do RIGHT NOW
.envfile and add it to.gitignore:Why removing the file is not enough
Git stores the full history. Even after you delete or edit the file,
the old commit with the key is still accessible via
git log.You must rewrite history or consider the key permanently compromised.
This is an automated responsible disclosure notification.
No credential values were stored by this scanner.
If this is a false positive, please close this issue.
Stay safe!