undefined | Better HN

0 pointsseawlf8y ago0 comments

scripto.computer's Git repo is exposed http://scripto.computer/.git/HEAD

0 comments

Depending on what is in your git repo, please don’t be the next Uber - if you had any secrets in your repository (even historical), definitely roll all your API keys and check secrets/credentials etc.

tkone8y ago

Thankfully that was just our marketing site! Our team has fixed it (and re-issued any api key that could have been potentially compromised).

Our product isn't a monorepo (and has a much more rigorous release process than this site), so even if the main repo that does the build is ever exposed, the secrets aren't in there :)

Hentwonce468y ago

Uh yup. You can traverse the complete repo of the website.

j / k navigate · click thread line to collapse