Add comprehensive security configuration for Pro license management

Flamehaven · claude · Flamehaven · commit d9d465b1d270 · 2025-09-17T23:52:50.000+07:00
- Add .env.example template for safe license configuration - Enhance .gitignore with security patterns (.env.*, *.license, secrets.txt) - Create SECURITY.md with Pro license management guidelines - Update CLI to auto-load .env files for Pro feature activation - Ensure .env files are completely excluded from Git tracking Security improvements: - Safe Pro license key storage without Git exposure - Multiple .env file patterns protection - Comprehensive security documentation - Automatic environment loading for seamless Pro experience 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/.env.example b/.env.example
@@ -0,0 +1,13 @@
+# Dir2md Environment Configuration Template
+# Copy this file to .env and fill in your actual values
+
+# License Configuration
+DIR2MD_LICENSE=PRO-your_license_key_here
+
+# Optional: API Keys for enhanced features
+GITHUB_TOKEN=ghp_your_github_token_here
+OPENAI_API_KEY=sk-your_openai_key_here
+
+# Performance Settings
+DIR2MD_MAX_WORKERS=4
+DIR2MD_CACHE_DIR=~/.dir2md/cache
diff --git a/.gitignore b/.gitignore
@@ -3,6 +3,8 @@ __pycache__/
 *.py[cod]
 *.egg-info/
 .env
+.env.*
+!.env.example
 .venv/
 venv/
 .idea/
@@ -13,6 +15,13 @@ venv/
 .coverage
 .pytest_cache/
 
+# License and API Keys (Security)
+license.key
+*.license
+api_keys.txt
+secrets.txt
+config.local.*
+
 # OS
 .DS_Store
 Thumbs.db
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,87 @@
+# Security Guidelines for Dir2md
+
+## 🔐 License Key Management
+
+### Safe Practices
+
+#### ✅ DO:
+- Use environment variables: `export DIR2MD_LICENSE="PRO-your_key"`
+- Create `.env` file locally (already in .gitignore)
+- Use different keys for development/production
+- Rotate keys periodically
+
+#### ❌ DON'T:
+- Never commit license keys to Git
+- Don't hardcode keys in scripts
+- Avoid sharing keys in plain text
+- Don't use production keys in testing
+
+### Setting Up Pro License
+
+1. **Create local environment file:**
+   ```bash
+   cp .env.example .env
+   # Edit .env with your actual license key
+   ```
+
+2. **Or use environment variable:**
+   ```bash
+   export DIR2MD_LICENSE="PRO-your_license_key_here"
+   ```
+
+3. **Verify activation:**
+   ```bash
+   dir2md --version --verbose
+   ```
+
+### Development vs Production
+
+#### Development Environment:
+```bash
+# .env.development
+DIR2MD_LICENSE=PRO-dev_key_123456789
+DIR2MD_LOG_LEVEL=DEBUG
+```
+
+#### Production Environment:
+```bash
+# Use secure secret management
+export DIR2MD_LICENSE="${PROD_LICENSE_KEY}"
+```
+
+### Git Safety Checks
+
+Before committing, always run:
+```bash
+# Check for accidentally committed secrets
+git diff --cached | grep -i "PRO-\|license\|key\|secret"
+
+# Use git-secrets if available
+git secrets --scan
+```
+
+### License Key Format
+
+Valid Pro keys must:
+- Start with `PRO-`
+- Be at least 11 characters total
+- Example: `PRO-abc123def456`
+
+### Troubleshooting
+
+#### Key Not Working:
+1. Check format: `PRO-` prefix + sufficient length
+2. Verify environment variable is set
+3. Restart application after setting key
+4. Check for typos or extra spaces
+
+#### Accidental Exposure:
+1. Immediately rotate the key
+2. Remove from Git history if committed
+3. Check GitHub/GitLab secret scanning alerts
+4. Update all environments with new key
+
+### Contact
+
+For license issues: https://dir2md.com/support
+For security concerns: security@dir2md.com
diff --git a/src/dir2md/cli.py b/src/dir2md/cli.py
@@ -1,9 +1,29 @@
 from __future__ import annotations
-import argparse, zipfile, hashlib
+import argparse, zipfile, hashlib, os
 from pathlib import Path
 from .core import Config, generate_markdown_report
 from . import __version__
 
+# Load .env file if it exists (for Pro license and configuration)
+def load_env_file():
+    # Try current directory first, then parent directories
+    current = Path.cwd()
+    for parent in [current] + list(current.parents):
+        env_file = parent / '.env'
+        if env_file.exists():
+            try:
+                for line in env_file.read_text(encoding='utf-8').splitlines():
+                    line = line.strip()
+                    if line and not line.startswith('#') and '=' in line:
+                        key, value = line.split('=', 1)
+                        os.environ[key.strip()] = value.strip()
+                break  # Stop after first .env file found
+            except Exception:
+                pass  # Silently ignore .env file errors
+
+# Load environment configuration on import
+load_env_file()
+
 DEFAULT_EXCLUDES = [
     ".git", "__pycache__", "node_modules", ".venv",
     "build", "dist", "*.pyc", ".DS_Store",
