[AGE-2238] [Security] Update .env file handling to prevent security risks

Open mmabrouk opened this issue 8 months ago • 0 comments

Background

Currently, the deployment guide instructs users to "Edit hosting/docker-compose/oss/.env.oss.gh." However, this file is not ignored by git, creating a security vulnerability where sensitive configuration values could be accidentally committed.

Impact

This creates a security risk for contributors and users who follow the documentation, potentially exposing sensitive configuration information if they commit changes to the repository.

Requirements

  1. Rename the file to .env.oss.gh.default as a template

  2. Update the documentation to instruct users to:

    • Copy the default file to .env.oss.gh
    • Make their changes in the copied file (which should be gitignored)
  3. Ensure .env.oss.gh is properly added to .gitignore

Related Information

  • Current documentation page: https://docs.agenta.ai/self-host/host-locally
  • This issue was identified through user feedback from contributors trying to follow the deployment guide

mmabrouk, Apr 14 '25 10:04
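The three requirements in the issue can be checked mechanically, for instance in CI or a pre-commit hook. The script below is an added example, not part of the original issue or the Agenta repository; the function name `audit_env_file` is hypothetical, and the paths are the ones named in the issue.

```bash
#!/usr/bin/env bash
# Added example (not project code): audit the env-file layout requested in the issue.
# Paths are taken from the issue text; audit_env_file is a hypothetical helper name.

ENV_DIR="hosting/docker-compose/oss"
ENV_FILE="$ENV_DIR/.env.oss.gh"      # user-edited copy, must stay out of git
TEMPLATE="$ENV_FILE.default"         # committed template users copy from

# Usage: audit_env_file <repo-root>
# Prints one line per finding and returns 0 only when all three checks pass.
audit_env_file() {
    audit_repo="$1"
    audit_rc=0

    # Requirement 1: the template exists in the index so users have a file to copy.
    if ! git -C "$audit_repo" ls-files --error-unmatch -- "$TEMPLATE" >/dev/null 2>&1; then
        echo "FAIL: $TEMPLATE is not tracked"
        audit_rc=1
    fi

    # The live file must not be tracked: a .gitignore entry has no effect on a
    # path that is already in the index, so edits would still show up in commits.
    if git -C "$audit_repo" ls-files --error-unmatch -- "$ENV_FILE" >/dev/null 2>&1; then
        echo "FAIL: $ENV_FILE is tracked (untrack it with: git rm --cached)"
        audit_rc=1
    fi

    # Requirement 3: an ignore rule covers the live file. --no-index evaluates the
    # ignore rules even when the path is still tracked, keeping this check
    # independent of the previous one.
    if ! git -C "$audit_repo" check-ignore -q --no-index -- "$ENV_FILE"; then
        echo "FAIL: no ignore rule matches $ENV_FILE"
        audit_rc=1
    fi

    return "$audit_rc"
}

# Run the audit when a repository path is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_env_file "$1"
fi
```

The separate "tracked" check matters because adding the path to `.gitignore` alone does not stop git from recording changes to a file that was committed earlier.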