[MEDIUM] Hardcoded testnet secret key in CI workflow #35

@DeFiVC

Description

In .github/workflows/ci.yml:50, STELLAR_PLATFORM_SECRET is committed in plaintext. Even for testnet, secrets should use GitHub Actions encrypted secrets to follow security best practices.

Impact

Testnet private key exposed in repository history. If reused on mainnet, funds could be compromised.

File

.github/workflows/ci.yml:50

Suggested Fix

Use GitHub Actions encrypted secrets: ${{ secrets.STELLAR_PLATFORM_SECRET }}
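A check that could run in CI or pre-commit to catch this class of finding, added here as an example and not code from the issue or the repository: it flags lines in workflow text that carry a plaintext Stellar secret seed, using the StrKey checksum to cut false positives. The function names and the sample seed are constructed for illustration.

```python
import base64
import re
import struct

# Stellar StrKey layout: base32(version byte || 32-byte seed || CRC16-XModem, little-endian).
SEED_VERSION = 18 << 3          # makes the encoded string start with "S"
CANDIDATE = re.compile(r"\bS[A-Z2-7]{55}\b")

def crc16_xmodem(data: bytes) -> int:
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = (crc << 1) ^ 0x1021 if crc & 0x8000 else crc << 1
            crc &= 0xFFFF
    return crc

def encode_seed(raw: bytes) -> str:
    """Encode 32 raw bytes as a StrKey seed; used here only to build sample data."""
    body = bytes([SEED_VERSION]) + raw
    return base64.b32encode(body + struct.pack("<H", crc16_xmodem(body))).decode()

def is_stellar_seed(token: str) -> bool:
    """True only if the token decodes to a seed with a valid checksum."""
    try:
        decoded = base64.b32decode(token)
    except ValueError:
        return False
    body, checksum = decoded[:-2], decoded[-2:]
    return (len(decoded) == 35 and body[0] == SEED_VERSION
            and struct.pack("<H", crc16_xmodem(body)) == checksum)

def scan_workflow(text: str) -> list:
    """Return (line number, YAML key) for every plaintext seed in the text."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        for match in CANDIDATE.finditer(line):
            if is_stellar_seed(match.group()):
                findings.append((number, line.split(":", 1)[0].strip()))
    return findings

# Constructed sample: a seed built from fixed bytes, not a key taken from the repository.
SAMPLE_SEED = encode_seed(bytes(range(32)))
BEFORE = "env:\n  STELLAR_PLATFORM_SECRET: " + SAMPLE_SEED + "\n"
AFTER = "env:\n  STELLAR_PLATFORM_SECRET: ${{ secrets.STELLAR_PLATFORM_SECRET }}\n"

if __name__ == "__main__":
    print(scan_workflow(BEFORE), scan_workflow(AFTER))
```

The scan only covers the text it is given; a seed already committed stays in repository history until it is rotated.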

Labels: GrantFox OSS, Maybe Rewarded, Official Campaign, bug, medium, security
