
Security: ABHAY627/RealTime-AI-Driver-Monitoring-System


SECURITY.md

🔒 Security Notice

⚠️ CRITICAL: Before Pushing to GitHub

This repository contains sensitive credentials in alert_system.py. Follow these steps BEFORE pushing to GitHub:

Immediate Actions Required

1. Remove Credentials from alert_system.py

Option A: Use the Template (Recommended)

# Backup your credentials locally (not in git)
cp alert_system.py alert_system_BACKUP.py

# Use the template instead
cp alert_system_template.py alert_system.py

# Edit alert_system.py with placeholder values

Option B: Use Environment Variables

# In alert_system.py, replace hardcoded values with:
import os

CLOUDINARY_NAME = os.environ.get('CLOUDINARY_NAME')
CLOUDINARY_KEY = os.environ.get('CLOUDINARY_KEY')
CLOUDINARY_SECRET = os.environ.get('CLOUDINARY_SECRET')
TWILIO_SID = os.environ.get('TWILIO_SID')
TWILIO_TOKEN = os.environ.get('TWILIO_TOKEN')
YOUR_WHATSAPP_NUMBER = os.environ.get('YOUR_WHATSAPP_NUMBER')

2. Verify .gitignore

Ensure these lines exist in .gitignore:

# Sensitive credentials
alert_system.py
config.py
credentials.json
*.key
*.pem
.env

3. Check What Will Be Committed

git status
git diff

DO NOT commit if you see real credentials!

4. Create .env File (If Using Environment Variables)

# Create .env file (this will NOT be committed)
cat > .env << EOF
CLOUDINARY_NAME=your_cloud_name
CLOUDINARY_KEY=your_api_key
CLOUDINARY_SECRET=your_api_secret
TWILIO_SID=your_account_sid
TWILIO_TOKEN=your_auth_token
TWILIO_FROM_NUMBER=whatsapp:+14155238886
YOUR_WHATSAPP_NUMBER=whatsapp:+1234567890
EOF

Load environment variables:

# At the top of your script
from dotenv import load_dotenv
load_dotenv()

Install python-dotenv:

pip install python-dotenv
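A fail-closed loader for the Option B / .env setup above, as an added example (not the project's own code): it reads the same six variable names, refuses to start if any is missing or still carries a placeholder value from the .env template, and keeps the secret fields out of repr() so they do not leak into logs. The AlertSettings and ConfigError names are assumptions made here.

```python
"""Fail-closed settings loader for alert_system.py (added example, not the project's code).
Variable names come from the Option B snippet and the .env template above."""
import os
from dataclasses import dataclass, field
from typing import Mapping, Optional

REQUIRED_VARS = (
    "CLOUDINARY_NAME", "CLOUDINARY_KEY", "CLOUDINARY_SECRET",
    "TWILIO_SID", "TWILIO_TOKEN", "YOUR_WHATSAPP_NUMBER",
)
# Values copied verbatim from the .env template are placeholders, not credentials.
PLACEHOLDER_PREFIXES = ("your_", "whatsapp:+1234567890")

class ConfigError(RuntimeError):
    """A required secret is missing or is still a template placeholder."""

@dataclass(frozen=True)
class AlertSettings:
    cloudinary_name: str
    cloudinary_key: str
    cloudinary_secret: str = field(repr=False)  # keep secrets out of repr() and logs
    twilio_sid: str
    twilio_token: str = field(repr=False)
    whatsapp_number: str

def load_settings(env: Optional[Mapping[str, str]] = None) -> AlertSettings:
    """Read settings from env (default: .env plus os.environ); raise rather than run half-configured."""
    if env is None:
        try:
            from dotenv import load_dotenv  # optional: pip install python-dotenv
            load_dotenv()
        except ImportError:
            pass  # fall back to variables exported in the shell
        env = os.environ
    missing = [n for n in REQUIRED_VARS if not env.get(n)]
    stale = [n for n in REQUIRED_VARS if env.get(n, "").startswith(PLACEHOLDER_PREFIXES)]
    problems = []
    if missing:
        problems.append("missing: " + ", ".join(missing))
    if stale:
        problems.append("template placeholders: " + ", ".join(stale))
    if problems:
        # Name the offending variables but never echo their values.
        raise ConfigError("alert_system configuration invalid; " + "; ".join(problems))
    return AlertSettings(
        cloudinary_name=env["CLOUDINARY_NAME"], cloudinary_key=env["CLOUDINARY_KEY"],
        cloudinary_secret=env["CLOUDINARY_SECRET"], twilio_sid=env["TWILIO_SID"],
        twilio_token=env["TWILIO_TOKEN"], whatsapp_number=env["YOUR_WHATSAPP_NUMBER"],
    )
```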

Setting Up Git Repository

Initialize Git (if not already done)

cd /Users/deepak/Downloads/Driver_Monitoring_System

# Initialize git
git init

# Add all files (safe files only due to .gitignore)
git add .

# Check what's being added
git status

# Commit
git commit -m "Initial commit: Driver Monitoring System"

Create GitHub Repository

  1. Go to GitHub
  2. Click New Repository
  3. Name: Driver_Monitoring_System
  4. Choose: Public or Private
  5. DO NOT initialize with README (we already have one)
  6. Click Create Repository

Push to GitHub

# Add remote repository
git remote add origin https://github.com/yourusername/Driver_Monitoring_System.git

# Push to GitHub
git branch -M main
git push -u origin main

If You Already Committed Credentials

🚨 Emergency: Credentials Already Pushed to GitHub

If you accidentally pushed credentials:

  1. Immediately Revoke All Keys:

    • Cloudinary: Dashboard → Settings → Security → Reset API Secret
    • Twilio: Console → Settings → API Keys → Deactivate
  2. Remove from Git History:

    # Install BFG Repo-Cleaner
    brew install bfg  # macOS
    # or download from: https://rtyley.github.io/bfg-repo-cleaner/
    
    # Remove alert_system.py from history
    bfg --delete-files alert_system.py
    
    # Clean up
    git reflog expire --expire=now --all
    git gc --prune=now --aggressive
    
    # Force push (WARNING: This rewrites history!)
    git push origin --force --all
  3. Generate New Credentials:

    • Get new API keys from Cloudinary
    • Get new Auth Token from Twilio
    • Update your local alert_system.py (not in git)

Best Practices

✅ DO:

  • Use environment variables for all secrets
  • Keep .gitignore up to date
  • Review files before committing
  • Use .env for local development
  • Store credentials in secure password manager
  • Use different credentials for dev/prod

❌ DON'T:

  • Commit API keys, tokens, or passwords
  • Share credentials in issues or pull requests
  • Hardcode secrets in code
  • Commit .env files
  • Use production credentials in development
  • Share your .env file

Recommended Tools

Secret Scanning

# Install git-secrets
brew install git-secrets  # macOS
# or: https://github.com/awslabs/git-secrets

# Initialize
git secrets --install
git secrets --register-aws

# Scan repository
git secrets --scan

Pre-commit Hooks

Create .git/hooks/pre-commit:

#!/bin/sh
# Block commits that stage the credentials file or a hardcoded secret literal.

if git diff --cached --name-only | grep -q "alert_system.py"; then
    echo "⛔ ERROR: Attempting to commit alert_system.py"
    echo "This file contains sensitive credentials!"
    exit 1
fi

# Only inspect added lines (^+), and only flag a quoted literal directly after '=',
# so that os.environ.get('TWILIO_TOKEN') style lookups do not trip the check.
if git diff --cached | grep '^+' | grep -qE "(TWILIO_TOKEN|CLOUDINARY_SECRET|API_KEY)[[:space:]]*=[[:space:]]*['\"][^'\"]{10,}['\"]"; then
    echo "⛔ ERROR: Potential secret detected in commit!"
    exit 1
fi

Make it executable:

chmod +x .git/hooks/pre-commit
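The same check as a reusable Python scanner, as an added example (not the project's hook): it takes unified-diff text from `git diff --cached` (or `git log -p`, which also covers the "secrets aren't in git history" item on the checklist), looks only at added lines, and reports literals assigned to the credential names used in this file or strings shaped like a Twilio Account SID (AC followed by 32 hex characters, a public format). The sample diff is constructed here, and the placeholder list is an assumption.

```python
"""Secret detector for staged diffs (added example, not the project's hook).
Scans unified-diff text (git diff --cached, or git log -p for history) and reports
added lines that assign a long non-placeholder literal to a credential variable
named in this SECURITY.md, or that contain a Twilio Account SID (AC + 32 hex)."""
import re
import sys
from typing import List, Tuple

SECRET_VARS = ("TWILIO_TOKEN", "TWILIO_SID", "CLOUDINARY_SECRET", "CLOUDINARY_KEY", "API_KEY")
ASSIGN_RE = re.compile(
    r"(?P<name>" + "|".join(SECRET_VARS) + r")\s*=\s*['\"](?P<value>[^'\"]{10,})['\"]"
)
TWILIO_SID_RE = re.compile(r"\bAC[0-9a-fA-F]{32}\b")
# Assumed placeholder conventions: template values are not secrets.
PLACEHOLDER_RE = re.compile(r"^(your_|<|xxx|changeme|\$\{)", re.IGNORECASE)

def find_secrets(diff_text: str) -> List[Tuple[int, str, str]]:
    """Return (diff line number, reason, line) for each suspicious *added* line."""
    hits = []
    for lineno, line in enumerate(diff_text.splitlines(), 1):
        if not line.startswith("+") or line.startswith("+++"):
            continue  # removed/context lines and file headers cannot introduce a secret
        body = line[1:]
        m = ASSIGN_RE.search(body)
        if m and not PLACEHOLDER_RE.match(m.group("value")):
            hits.append((lineno, f"{m.group('name')} assigned a literal", body.strip()))
        elif TWILIO_SID_RE.search(body):
            hits.append((lineno, "Twilio Account SID format", body.strip()))
    return hits

# Constructed sample diff: a placeholder (allowed), a hardcoded secret, and a SID in a comment.
SAMPLE_DIFF = """\
diff --git a/alert_system.py b/alert_system.py
+++ b/alert_system.py
@@ -1,3 +1,5 @@
-TWILIO_TOKEN = os.environ.get('TWILIO_TOKEN')
+TWILIO_TOKEN = 'your_auth_token'
+CLOUDINARY_SECRET = "EXAMPLEsecret0123456789abcdef"
+# account: ACdeadbeefdeadbeefdeadbeefdeadbeef
 YOUR_WHATSAPP_NUMBER = os.environ.get('YOUR_WHATSAPP_NUMBER')
"""

if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DIFF
    found = find_secrets(text)
    for lineno, reason, content in found:
        print(f"line {lineno}: {reason}: {content}")
    sys.exit(1 if found else 0)  # non-zero exit blocks the commit when used as a hook
```

Wire it in with `git diff --cached | python3 find_secrets.py` from the pre-commit hook; a hit exits 1 and aborts the commit.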

Production Deployment

For production environments:

  1. Use Cloud Secret Management:

    • AWS Secrets Manager
    • Google Cloud Secret Manager
    • Azure Key Vault
    • HashiCorp Vault
  2. Set Environment Variables on Server:

    # On your server
    export CLOUDINARY_NAME="your_value"
    export TWILIO_SID="your_value"
    # etc.
  3. Use Platform-Specific Configuration:

    • Heroku: Config Vars
    • AWS: Parameter Store
    • Docker: Secrets
    • Kubernetes: Secrets

Quick Security Checklist

Before pushing to GitHub:

  • Removed all credentials from code
  • Using environment variables or config files
  • .gitignore includes sensitive files
  • Tested that secrets aren't in git history
  • Created .env.example with dummy values
  • Updated README with setup instructions
  • Reviewed all files with git diff
  • Scanned for secrets with git secrets

Need Help?

If you're unsure about security:

  1. Create a private repository first
  2. Ask for a security review
  3. Consult GitHub's security guide

Remember: Once credentials are on the internet, assume they're compromised!

Stay safe! 🔒
