Skip to content

Security: Move hardcoded RPC API key to environment variable in test file #37

Open
Open
Security: Move hardcoded RPC API key to environment variable in test file#37
Labels
skip-ciSkip CI checks on this PR
@Zena-park

Description

@Zena-park
Zena-park
opened on Mar 10, 2026

Context

Flagged in PR #35 code review (comment).

Problem

crates/desktop-app/local-server/test-e2e-fork.js contains a hardcoded Sepolia RPC API key/token in the source code.

Proposed Fix

  1. Replace with process.env.SEPOLIA_RPC_URL and fail with a clear message if not set
  2. Rotate the exposed key

Metadata

Metadata

Assignees

No one assigned

    Labels

    skip-ciSkip CI checks on this PR

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions