Skip to content

Security report — possible Mailchimp API key in committed source (please contact privately) #52

Description

@Raffa-jarrl

Hi —

Automated security scan flagged what appears to be a hardcoded Mailchimp API key committed to your public repo. I'm not posting the key here for responsible-disclosure reasons.

Please contact me at Raffa@Lictor-AI.com and I'll send the exact file/line + redacted excerpt.

The fix is two steps:

  1. Rotate the Mailchimp key NOW (their dashboard → API keys → revoke + create new)
  2. git filter-repo to scrub the old key from repo history
  3. Move the new key to an env var / secrets manager, NEVER commit it

A note: this came from an automated scan I manually verified before reaching out. If we're wrong (test/sandbox key, already-rotated), reply and we'll close out. No blame intended.

Want this scan for your own projects? https://lictorai.com/scan

— Raffa
Lictor AI · https://lictorai.com

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions