• .env (contains real API keys)
• azure-config.env (Azure credentials)
• Any file with real API keys or passwords

• .env.example (template without real keys)
• *.env.example (example configurations)
• Configuration documentation

# Copy the template
cp .env.example .env

# Edit with your real credentials
nano .env
# or
code .env

Fill in these sections in your .env file:

# Required for core functionality
AZURE_SPEECH_KEY=your_actual_key_from_azure_portal
AZURE_OPENAI_KEY=your_actual_openai_key

# Get these from Azure Portal:
# 1. Speech Services → Keys and Endpoint
# 2. OpenAI → Keys and Endpoint

1. Rotate keys regularly (every 90 days)
2. Use separate keys for dev/staging/production
3. Monitor usage in Azure Portal
4. Set usage limits to prevent unexpected charges

# Development
.env.development

# Staging  
.env.staging

# Production (most secure)
.env.production

• Use Azure Key Vault for credential management
• Enable Azure AD authentication
• Configure network restrictions
• Set up monitoring and alerts

• .env files are in .gitignore
• No real credentials in committed code
• Azure keys are from your own Azure account
• Usage limits are configured
• Monitoring is enabled

1. Immediately regenerate all affected keys in Azure Portal
2. Update your .env file with new keys
3. Review Azure billing for unexpected usage
4. Check git history for exposed credentials

• Azure Security Best Practices
• Environment Variables Security
• Git Security Guidelines