The following files contain sensitive information and are NOT included in this repository:
-
deployment/wrangler.toml- Contains your actual Cloudflare KV namespace IDs- Use
deployment/wrangler.toml.exampleas a template - Copy and modify it with your own credentials
- Already excluded via
.gitignore
- Use
-
.env- Contains environment variables and secrets- Use
.env.exampleas a template - Already excluded via
.gitignore
- Use
-
.wrangler/- Cloudflare Wrangler cache and local state- Already excluded via
.gitignore
- Already excluded via
When cloning this repository:
-
Copy configuration templates:
cp deployment/wrangler.toml.example deployment/wrangler.toml cp .env.example .env
-
Update with your credentials:
- Edit
deployment/wrangler.tomlwith your KV namespace IDs - Edit
.envwith your configuration (if running Node.js/Express)
- Edit
-
Never commit these files:
# These files should already be in .gitignore # If you accidentally add them, remove with: git rm --cached deployment/wrangler.toml git rm --cached .env
✅ These files are safe to commit:
deployment/wrangler.toml.example- Template with placeholder values.env.example- Template with example configuration- All source code files
- Documentation
- Docker configurations
- Landing page
If you discover a security vulnerability, please use GitHub Security Advisories to report it privately.
Do NOT open a public issue for security vulnerabilities.
When deploying NoaaS:
- Use environment variables for all sensitive configuration
- Never hardcode API keys, secrets, or credentials
- Enable Cloudflare's security features:
- WAF (Web Application Firewall)
- DDoS protection
- Rate limiting (already implemented)
- Keep dependencies updated:
npm audit npm update
- Review logs regularly for suspicious activity:
npm run worker:tail
- OWASP Top 10
- Cloudflare Security Best Practices
- Security Guide - Detailed security configuration
Remember: Security is not a feature, it's a requirement. Keep your credentials private.