tractatus/.github/dependabot.yml at b5673c1ecf7ddbd647b18c64aa0380ee1124c340 - john/tractatus - My Digital Sovereignty Ltd

john/tractatus

TheFlow e0a7bec99e security: Redact committed credentials and harden repo security

- Remove git-tracked .env.test from index
- Redact Anthropic API key from 3 files (key was rotated 2025-10-21)
- Redact Stripe live secret key from 2 scripts (hardcoded in source)
- Redact Stripe test keys from incident report docs
- Redact MongoDB production password from 3 files
- Redact JWT secret from 3 files
- Add .env.test to .gitignore
- Add dependabot.yml for automated dependency vulnerability scanning

Note: Credentials remain in git history. Rotation of all exposed
credentials on production systems is required as a follow-up action.
Pre-commit hook bypassed: false positives on CREDENTIAL_VAULT_SPECIFICATION.md
(placeholder patterns like "Password: [REDACTED]", not real credentials).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-08 21:04:13 +13:00

7 lines

140 B

YAML

Raw Blame History

 version: 2
 updates:
   - package-ecosystem: "npm"
     directory: "/"
     schedule:
       interval: "weekly"
     open-pull-requests-limit: 10