.env file is not included in .gitignore and is tracked in the repository

[Himanshu4812]

🐞 Bug Description

While exploring the repository structure, I noticed that a .env file is committed to the repository, and .gitignore does not include an entry to exclude .env.

📍 Steps to Reproduce

1. Clone the repository
2. Navigate to the project root directory
3. Open the .gitignore file
4. Notice that .env is not listed
5. Observe that a .env file exists and is tracked in the repository

Observations

• .gitignore excludes environment-specific files like .env.local, .env.development.local, etc.
• However, the base .env file is still tracked in the repository.
• The .env file contains configuration values such as API URLs and Firebase settings.

✅ Expected Behavior

The .env file should be excluded from version control by adding it to .gitignore.
A .env.example file should be provided to document required environment variables without exposing actual configuration values.

Actual Behavior

• .env is currently committed and publicly accessible in the repository.

📸 Screenshots

Not applicable.

🖥️ Device & Environment

• OS: Windows
• Browser: Chrome
• Branch: main

Additional Context

This improvement would help align the project with common environment variable and security best practices.

I would like to work on fixing this issue as part of Winter of Code Social (WOC Social).

[Himanshu4812]

Hello @Diksha78-bot 👋
I noticed this issue while reviewing the repository setup and would like to work on fixing it as part of Winter of Code Social (WOC Social).
Could you please assign this issue to me?

Thank you!

[Himanshu4812]

Security Consideration:
Even after removing secrets from the repository, previously committed keys should be considered compromised and should be rotated/invalidated by the repository owner.

To prevent future accidental leaks from forks or pull requests, adding a .env.example file and ensuring .env is excluded via .gitignore would be a robust long-term solution.

[diksha78dev]

Hey @Himanshu4812 have you started your work?

[Himanshu4812]

@Diksha78-bot Yes, I’ve started working on this issue. I’ll push the fix and open a PR by today.

[Himanshu4812]

@Diksha78-bot
I’ve opened a PR that removes the tracked .env file, adds a safe .env.example, updates .gitignore, and documents environment setup in the README.

Please review PR: #44

[Himanshu4812]

@Diksha78-bot
This issue has been resolved, and the PR addressing it has already been merged.
You can safely close this issue. Thanks!