Hugging Face's logo

Spaces:
kenken999
/
fastapi_django_main_live
Running

App Files Community
fastapi_django_main_live / others /fix_secrets.sh
GitHub Action
πŸš€ Auto-deploy from GitHub Actions
7b7bdab
raw
history blame
2.1 kB
 #!/bin/bash
# Script to securely regenerate .env file after secret exposure
# This script helps you safely create a new .env file with fresh secrets
echo "🚨 SECURITY: Regenerating .env file with new secrets"
echo "========================================================="
# Backup the current .env (without secrets)
if [ -f .env ]; then
echo "πŸ“„ Backing up current .env to .env.backup"
cp .env .env.backup
fi
# Copy template
echo "πŸ“‹ Creating new .env from template"
cp .env.example .env
echo ""
echo "πŸ”§ REQUIRED ACTIONS:"
echo "==================="
echo ""
echo "1. πŸ”‘ Generate new GitHub Personal Access Token:"
echo " β†’ Go to: https://github.com/settings/tokens"
echo " β†’ Generate new token (classic)"
echo " β†’ Select required scopes: repo, workflow, admin:org"
echo " β†’ Replace 'ghp_your_github_personal_access_token' in .env"
echo ""
echo "2. πŸ”‘ Generate new Google Cloud Service Account:"
echo " β†’ Go to: https://console.cloud.google.com/iam-admin/serviceaccounts"
echo " β†’ Create new service account"
echo " β†’ Download JSON key file"
echo " β†’ Store as 'service-account-key.json' (NOT in git)"
echo " β†’ Update GOOGLE_APPLICATION_CREDENTIALS path in .env"
echo ""
echo "3. πŸ”„ Update other API keys if compromised:"
echo " β†’ Groq API key"
echo " β†’ HuggingFace token"
echo " β†’ Any other sensitive tokens"
echo ""
echo "4. πŸ“ Edit .env file with your actual values"
echo ""
echo "5. βœ… Verify .env is in .gitignore (already done)"
echo ""
echo "⚠️ NEVER commit the .env file to version control!"
echo "⚠️ The exposed tokens have been invalidated and must be regenerated!"
echo ""
echo "πŸ”§ Next steps after updating .env:"
echo "================================="
echo "1. Remove .env from git history: git filter-branch --force --index-filter 'git rm --cached --ignore-unmatch .env' --prune-empty --tag-name-filter cat -- --all"
echo "2. Force push (DANGEROUS): git push origin --force --all"
echo "3. Test application: python app.py"
echo ""
echo "πŸ“§ Contact your team to update any shared secrets!"