API keys were accidentally committed to the repository. Follow these steps IMMEDIATELY:
- Go to: https://console.cloud.google.com/apis/credentials
- Delete these compromised keys:
  - `AIzaSyBZJudQhW7fkj_dX6lpCazvgEGrD5kYT48`
  - `AIzaSyDHpOyZX0EJx4ueRLR7CP0Q68n_rp15cwc`
- Generate new API keys
- Update your local .env files with new keys
```
# In backend/.env (create it if it doesn't exist)
GEMINI_API_KEY=your_new_gemini_key_here
YOUTUBE_API_KEY=your_new_youtube_key_here
SECRET_KEY=your_secret_key_here
ADMIN_PASSWORD=your_admin_password_here
```

```bash
# Download BFG from: https://rtyley.github.io/bfg-repo-cleaner/
# --no-blob-protection also rewrites files in the current HEAD commit,
# which BFG leaves untouched by default.
java -jar bfg.jar --delete-files "*.env" --no-blob-protection
# patterns.txt lists the secrets to replace, one expression per line.
java -jar bfg.jar --replace-text patterns.txt --no-blob-protection
git reflog expire --expire=now --all
git gc --prune=now --aggressive
git push --force
```

```bash
# Remove sensitive files from all commits
git filter-branch --force --index-filter \
'git rm --cached --ignore-unmatch backend/.env' \
--prune-empty --tag-name-filter cat -- --all
# Force push (WARNING: This rewrites history)
git push --force --all
```

- Create a new repository on GitHub
- Copy current code (without .git folder)
- Initialize fresh git repo
- Commit clean code
- Update repository links
Ensure these lines are in .gitignore:
```
# Environment variables
.env
.env.local
.env.production
.env.development
**/.env
**/env
```
Install git-secrets:
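```bash
# Install the git-secrets hooks into this repository
# (the git-secrets tool itself must already be installed)
git secrets --install
git secrets --register-aws
git secrets --add 'AIza[0-9A-Za-z_-]{35}'
```

- Enable security alerts in repository settings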
- Set up notifications for secret scanning
- Regularly review security advisories
- Use tools like GitLeaks or TruffleHog
- Scan for secrets before commits
- Implement CI/CD security checks
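
A check to run after the history rewrite and before the force push, added here as an example (it is not part of the original notice): it walks every commit reachable from any ref and lists the files that still match the key pattern registered with git-secrets above, and offers the same check for staged files. The function names `scan_history` and `scan_staged` are hypothetical.

```bash
# Added example (not from the original notice). The pattern is copied from the
# git-secrets rule on this page; the function names are hypothetical.
KEY_RE='AIza[0-9A-Za-z_-]{35}'

# scan_history [repo]
# Lists "<commit>:<path>" for every file in every commit reachable from any
# ref (branches, tags, remotes) that still contains a match. Only file names
# are printed, never the key. Returns 0 = clean, 1 = matches, 2 = not a repo.
scan_history() {
  sh_repo="${1:-.}"
  git -C "$sh_repo" rev-parse --git-dir >/dev/null 2>&1 || return 2
  sh_hits=$(git -C "$sh_repo" rev-list --all | while read -r sh_commit; do
    # -I skips binaries, -l prints names only, -E enables the {35} interval.
    # git grep exits 1 on "no match", which is not an error here.
    git -C "$sh_repo" grep -I -l -E -e "$KEY_RE" "$sh_commit" 2>/dev/null || true
  done)
  [ -z "$sh_hits" ] && return 0
  printf '%s\n' "$sh_hits"
  return 1
}

# scan_staged [repo]
# Same check against the index, suitable for calling from a pre-commit hook.
# Returns 0 = nothing staged matches, 1 = a staged file matches.
scan_staged() {
  st_repo="${1:-.}"
  st_hits=$(git -C "$st_repo" grep --cached -I -l -E -e "$KEY_RE" 2>/dev/null || true)
  [ -z "$st_hits" ] && return 0
  printf '%s\n' "$st_hits"
  return 1
}
```

Any output from `scan_history` means a reachable commit still carries a key, even if the file was deleted in a later commit. Clones and forks made before the rewrite are not covered by this check.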