sensitive-file/env-production

Production .env file

criticalSensitive filesensitive-file

What it detects

Production environment variable file. Typically contains DB credentials, API keys, and signing secrets.

Delete from repo, rotate every value inside, and use a hosting-provider env system (Vercel, AWS SSM) instead.

Path / basename / content-header match. No content body is stored — only the path.

Found a false positive or want this rule tuned? File an issue. You can also suppress per-repo via a .repoguardignore line.