Skip to content

Security: pauldevnull/nomyk-device-core

Security

SECURITY.md

Security Policy

nomyk-device-core is a public reference repository. It should never contain production secrets, credentials, private endpoints, real device fleet data, or private infrastructure configuration.

Reporting a Security Issue

If you find sensitive information in this repository, please open a private security advisory on GitHub or contact the repository owner directly.

Please do not disclose exposed secrets or private operational details in a public issue.

Public Boundary

This repository may discuss:

  • generic IoT device architecture
  • sensor abstraction
  • telemetry schemas
  • calibration lifecycle
  • status-light behavior
  • cloud data-flow concepts

This repository should not include:

  • API keys, tokens, passwords, or certificates
  • private service URLs or production MQTT topics
  • production provisioning or authentication logic
  • real user, plant, or device data
  • commercial dashboard implementation
  • private infrastructure-as-code

If Sensitive Material Is Found

  1. Remove the material from the public tree.
  2. Rotate any exposed credential immediately.
  3. Review commit history and published releases.
  4. Prefer replacing sensitive details with generic architecture notes.

There aren't any published security advisories