Hugging Face's logo

Spaces:
kenken999
/
fastapi_django_main_live
Running

App Files Community
fastapi_django_main_live / others /fix_secrets.sh
GitHub Action
๐Ÿš€ Auto-deploy from GitHub Actions
7b7bdab
raw
history blame contribute delete
2.1 kB
 #!/bin/bash
# Script to securely regenerate .env file after secret exposure
# This script helps you safely create a new .env file with fresh secrets
echo "๐Ÿšจ SECURITY: Regenerating .env file with new secrets"
echo "========================================================="
# Backup the current .env (without secrets)
if [ -f .env ]; then
echo "๐Ÿ“„ Backing up current .env to .env.backup"
cp .env .env.backup
fi
# Copy template
echo "๐Ÿ“‹ Creating new .env from template"
cp .env.example .env
echo ""
echo "๐Ÿ”ง REQUIRED ACTIONS:"
echo "==================="
echo ""
echo "1. ๐Ÿ”‘ Generate new GitHub Personal Access Token:"
echo " โ†’ Go to: https://github.com/settings/tokens"
echo " โ†’ Generate new token (classic)"
echo " โ†’ Select required scopes: repo, workflow, admin:org"
echo " โ†’ Replace 'ghp_your_github_personal_access_token' in .env"
echo ""
echo "2. ๐Ÿ”‘ Generate new Google Cloud Service Account:"
echo " โ†’ Go to: https://console.cloud.google.com/iam-admin/serviceaccounts"
echo " โ†’ Create new service account"
echo " โ†’ Download JSON key file"
echo " โ†’ Store as 'service-account-key.json' (NOT in git)"
echo " โ†’ Update GOOGLE_APPLICATION_CREDENTIALS path in .env"
echo ""
echo "3. ๐Ÿ”„ Update other API keys if compromised:"
echo " โ†’ Groq API key"
echo " โ†’ HuggingFace token"
echo " โ†’ Any other sensitive tokens"
echo ""
echo "4. ๐Ÿ“ Edit .env file with your actual values"
echo ""
echo "5. โœ… Verify .env is in .gitignore (already done)"
echo ""
echo "โš ๏ธ NEVER commit the .env file to version control!"
echo "โš ๏ธ The exposed tokens have been invalidated and must be regenerated!"
echo ""
echo "๐Ÿ”ง Next steps after updating .env:"
echo "================================="
echo "1. Remove .env from git history: git filter-branch --force --index-filter 'git rm --cached --ignore-unmatch .env' --prune-empty --tag-name-filter cat -- --all"
echo "2. Force push (DANGEROUS): git push origin --force --all"
echo "3. Test application: python app.py"
echo ""
echo "๐Ÿ“ง Contact your team to update any shared secrets!"