| Version | Supported |
|---|---|
| Latest | Yes |
If you discover a security vulnerability in PX Secrets, please do not open a public issue.
Instead, report it responsibly:
- Email: github@pxinnovative.com
- Subject:
[SECURITY] PX Secrets — <brief description> - Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if you have one)
- Acknowledgment within 48 hours
- Assessment within 7 days
- Fix or mitigation as soon as possible, depending on severity
- Credit in the release notes (unless you prefer to remain anonymous)
This policy covers the PX Secrets application and its dependencies as distributed in this repository. It does not cover third-party tools (SOPS, AGE) — report those to their respective maintainers.
PX Secrets is designed with privacy as a core principle. All encryption and decryption happens locally on your machine using SOPS + AGE. No data is ever sent to any server. If you believe this guarantee has been compromised, please report it immediately.
We take security seriously and appreciate the community's help in keeping PX Secrets safe for everyone.