NEVER commit the following files to the repository:
db/image-settings.json- Contains API keys and server URLs.envfiles - Contains environment-specific secrets- Any files with API keys, passwords, or tokens
The db/image-settings.json file contains sensitive configuration for image generation:
- Gemini API keys
- ComfyUI server URLs
- Provider settings
Setup Instructions:
- Copy
db/image-settings.example.jsontodb/image-settings.json - Fill in your actual API keys and server URLs
- This file is gitignored and will not be committed
Example structure:
{
"provider": "nanobanana",
"comfyuiServerUrl": "http://localhost:8188",
"geminiApiKey": "your-actual-api-key-here"
}- Use Example Files: Always commit
.example.jsonor.example.envfiles showing the structure without sensitive values - Update .gitignore: Add any new sensitive files to
.gitignoreimmediately - Local Configuration: Keep all API keys and credentials in local files that are gitignored
- Regular Audits: Review commits before pushing to ensure no sensitive data is included
If you accidentally commit sensitive data:
- Immediately revoke the exposed credentials (API keys, tokens, etc.)
- Remove from git history using
git filter-branchor BFG Repo-Cleaner - Force push the cleaned history (requires write access)
- Generate new credentials and update local configuration
The SQLite database (*.sqlite files) contains local user data and should never be committed to the repository. The .gitignore file already excludes these files.
If you discover a security vulnerability, please email ruucm.a@gmail.com instead of creating a public issue.