This application requires a Gemini API key to function. Follow these security practices:

• NEVER commit API keys directly to the repository
• Use environment variables to store sensitive information
• Copy .env.example to .env and set your actual API key:

  cp src/.env.example .env
  # Edit .env and set GEMINI_API_KEY=your-actual-api-key-here

• GEMINI_API_KEY: Your Google Gemini API key (obtain from Google AI Studio)

1. Keep your .env file local and never commit it
2. Use .env.example to document required environment variables
3. Rotate API keys regularly
4. Use different API keys for development and production

1. Use secure environment variable management (e.g., Docker secrets, Kubernetes secrets)
2. Enable API key restrictions in Google Cloud Console
3. Monitor API usage for unusual activity
4. Implement rate limiting and error handling

The following files are automatically ignored by git:

• .env - Contains actual secrets
• .env.* - Any environment files (except .env.example)
• *.key, *.pem, *.p12, *.pfx - Certificate and key files
• secrets.* - Any files starting with "secrets"
• config.local.* - Local configuration files

• API key stored in environment variable only
• .env file is gitignored
• No hardcoded secrets in source code
• API key has appropriate restrictions in Google Cloud Console
• Regular security audits of dependencies (cargo audit)

If you discover a security vulnerability, please:

1. DO NOT create a public issue
2. Email the maintainer directly with details
3. Allow time for the issue to be addressed before public disclosure

# Check for accidentally committed secrets
git log -p | grep -i -E "(api.?key|secret|token|password)"

# Audit dependencies
cargo audit

# Check for sensitive files
find . -name "*.env" -o -name "*.key" -o -name "*secret*"