[GH-ISSUE #1861] 💬 [Question] Issue on the first use #724

Closed
opened 2026-02-25 21:35:46 +03:00 by kerem · 13 comments
Owner

Originally created by @PeopleInside on GitHub (Feb 13, 2026).
Original GitHub issue: https://github.com/cypht-org/cypht/issues/1861

💬 Question

Hi, I'm new to Cypht.
I have a VPS where I own some email accounts.
I'm looking for a web client that supports:

  • Login protection - Captcha and two factor
  • Reply-To function
  • Multi account in one login inbox and sending too
  • Easy to install, no SSH to avoid server crashes (Composer is ok to use, an exception)

In the past I used RainLoop then switched to SnappyMail, but now again the software seems to be no longer updated.

Cypht seems to be the solution.
I tried to install it on my server by uploading the folders, and the first obstacle is the .env generation.
I don't need many settings, I just want to load a webmail interface and log in.
I read that I can be helped by the tool https://www.cypht.org/config-generator/ but there are a lot of settings there...
Also, I prefer to run something on my server rather than insert ReCaptcha keys and other data on an external address such as https://www.cypht.org/config-generator/ - Could this be run locally? How?
Which basic settings do I need to insert just to be able to log in to a server email account?
I'm using the Virtualmin panel.

Then, over SSH, in the root of the app, I ran composer install

I was able to see the login page on the web interface but I was not able to log in with my server email account.

It's actually hard for me to be able to use Cypht.
I used software like RainLoop or SnappyMail where you upload the folder to the web and follow a web page that guides you through the installation... then usually when the login page is shown I can log in with the email and password of the email accounts.

It would be nice to be able to try Cypht... also because there is no online demo.
Thank you for reading and for the time.

kerem 2026-02-25 21:35:46 +03:00
  • closed this issue
  • added the question label


@PeopleInside commented on GitHub (Feb 14, 2026):

I gave it a try some weeks ago and I started to try the installation today.
I uploaded the folder to the server, then tried to configure an .env file from the config generator, where I set the following on the app "tab":

  • Authentication Type: IMAP
  • USER_SETTINGS_DIR: custom path
  • ATTACHMENT_DIR: custom path
  • APP_NAME: my custom app name

Then at the bottom of the page I click on the green button "Generate .env file"; the file is shown for a second or less, then the page is refreshed and reloads with the standard .env file again.
I'm unable to copy the generated .env file, so I'm unable to make a working configuration.

I'm using the updated Brave browser.

Another thing I don't understand is that the app asks for a safe place outside of the public_html for the attachment and user settings dirs, but the .env file is in the root of the app under the public_html folder, and this .env file can include the database password for those who use it, so sensitive data. I'm confused, as the .env file must always be outside of public_html.


@jac-ron commented on GitHub (Feb 16, 2026):

Yes, I can confirm the problem with the config generator. But you can edit the .env file and change the following settings, then your IMAP login should work:

```
AUTH_TYPE=IMAP

IMAP_AUTH_NAME=this_is_just_a_label
IMAP_AUTH_SERVER=mail.example.org
IMAP_AUTH_PORT=993
IMAP_AUTH_TLS=true
```

Regarding the .env inside the document root: as long as you use Apache and it reads .htaccess files, it should be protected.


@PeopleInside commented on GitHub (Feb 17, 2026):

Thank you for your reply @jac-ron.
The issue is that maybe I need to edit not just the piece you mentioned.
I have to choose whether to use a database or file saving... so the mentioned edit, I suppose, is not the only one necessary to be able to use the app.

As I mentioned, I tried but I was not able to use the app, and now I also have confirmation that the .env generator is not working.

My server got hacked in the past because of an .env file that was accessible. Hackers discovered my email password and started to send spam. It is true that the server should be protected with Apache settings or .htaccess, but it is not good for security to have the .env file in a publicly accessible folder, so... I'm asking how secure Cypht is, as it has the .env file in the publicly accessible folder.

Also I was not able to use it, it was impossible to log in, and I'm sad because it seems it is not easy to find a webmail with great features today. There are a few abandoned projects and some active projects that lack, for example, the reply-to function or protection on the login.

Cypht seems to have these functions but I was not able to make it work.
Also, now the fact that the .env file is in an accessible place and that the generator is not working made me think about security, and the setup also looks hard to me.


@IrAlfred commented on GitHub (Feb 17, 2026):

Security and Setup Clarification

Hi @PeopleInside ! Thanks for raising these concerns. I can provide some clarification to the security aspects.

  • The .env file is secure by design when properly installed
  • Cypht has multiple protection layers

1. The .env File Security Concern

Good news: Your security concern is actually a non-issue when Cypht is installed correctly.

How Cypht's Architecture Protects .env

Cypht's deployment model specifically addresses this concern:

  1. Source code location: The .env file lives in the source directory (e.g., /usr/local/share/cypht/)
  2. Web-accessible location: Only the site/ subdirectory is symlinked to your web root
  3. Result: The .env file is never in the web-accessible path

Multiple Protection Layers

Even if misconfigured, Cypht has defense-in-depth:

Layer 1 - .htaccess Protection (lines 19-27):

```apache
# Block hidden files (starting with .)
<FilesMatch "^\.">
    Require all denied
</FilesMatch>

# Block sensitive project files
<FilesMatch "\.(env|ini|log|conf|json|lock|yml|yaml|md|txt|sh|...)$">
    Require all denied
</FilesMatch>
```

Layer 2 - Directory Structure: The config_gen.php build process creates a separate site/ directory containing only production files. The .env never gets copied there.

Layer 3 - .gitignore: The .env file is excluded from version control.

Your Previous Server Hack

Your past incident with an exposed .env likely had a different protection architecture that placed .env in the document root or had misconfigured server settings. This scenario doesn't apply to Cypht because of its separate source/production architecture.


@PeopleInside commented on GitHub (Feb 17, 2026):

Hi, thank you for the reply!
I'm glad to read that some security rules are added to the .htaccess file.
My hack issue was present during a migration from a server to a new server with a new control panel and was on a different app.
I learned from this that an .env file can be a dangerous configuration file with sensitive data: if a security rule to protect it is missing, the file can easily be read by just pointing the browser at the web address.

> Source code location: The .env file lives in the source directory (e.g., /usr/local/share/cypht/)

When I download Cypht from GitHub and then upload it to the hosting, the .env file is located in the root folder of the project.
In other application software that I use that has an .env file, it is usually placed outside of the app's public folder.

mmm... 🤔 so if Cypht is installed by just uploading the folder by FTP, it will not work? Also, editing the .env file present in the main tor folder will not work?

I was not able to make Cypht work. I cannot run the .sh setup file; this is dangerous for me because it can edit and create issues on my existing server, where I run other applications and a control panel.

As there is no setup wizard, it seems hard or impossible to make Cypht work.
I was hoping to find out how to here, in this discussion, but for now I still cannot use it.


@no-one commented on GitHub (Feb 17, 2026):

The above-mentioned changes for IMAP should be enough. Don't forget to set the paths for USER_SETTINGS_DIR and ATTACHMENT_DIR correctly as well. Also, don't forget to set your document root to cypht/site/ and not to cypht/. Maybe you should also set ENABLE_REDIS=false and ENABLE_MEMCACHED=false if you don't use it.


@IrAlfred commented on GitHub (Feb 17, 2026):

> so if Cypht is installed by just uploading the folder by FTP, it will not work? Also, editing the .env file present in the main tor folder will not work?

It will work, but this is not the recommended way to do that. This way your .env file is still secured by the .htaccess rules but present in the document root.


@PeopleInside commented on GitHub (Feb 17, 2026):

Thank you for the reply!

Question 1

Umh, how can I set the .env file to be in a different place, to use the .env in a different place than the root, if I'm not using the .sh script?

Question 2

The tool to generate the .env file seems not to be working, as when I click generate it never generates a custom .env but shows the standard one after the page reloads.

In that configurator and in the default .env file it seems to be necessary to decide whether the app connects to a MySQL database or a file.
As I cannot use the configurator because it is not working, shouldn't I set in the .env file the related settings to use a database or a file?
You said I can just make the changes above to the .env file, but where will the app store things if I cannot set where the app should save?

I would prefer to try not to use a MySQL database; it would be nice to try to use file storage outside of the public html folder... but without the generator it's hard for me to understand how to set this up in the .env file.


@IrAlfred commented on GitHub (Feb 17, 2026):

Important Clarifications First

Misconception 1: The website "config generator" doesn't create files for you

  • It's just a visual helper/documentation tool
  • You must manually copy (from .env.example) and edit your .env file
  • So the use of the website config generator is not mandatory, it's optional

Misconception 2: The .env location

  • You cannot move the .env file
  • It must be in the Cypht source root directory
  • Security comes from the fact that Cypht source root directory will not be stored at the html web root folder

Simple 5-Step Setup

Step 1: Place Cypht Source Outside Web Root

```bash
# Create directory outside your public HTML
sudo mkdir -p /usr/local/share/cypht
cd /usr/local/share/cypht

# Extract Cypht files here (or git clone)
# Your .env file will be: /usr/local/share/cypht/.env
```

Step 2: Install the dependencies and create the database

```bash
# Install the dependencies
composer install

# Create the database
```

Step 3: Create and Edit Your .env File

```bash
# Copy the example
cp .env.example .env

# Edit it: specify DB_NAME, DB_USER, DB_PASS
nano .env

# Run this command to create the DB schema
php ./scripts/setup_database.php

# Create users if you choose to authenticate users from the DB (AUTH_TYPE=DB)
# You may also use IMAP, LDAP, etc.
php ./scripts/create_account.php <username> <password>

# Generate the production site (this will create a subdirectory site/)
php ./scripts/config_gen.php
```

Step 4: Create Storage Directories

```bash
# Create directories for file storage (OUTSIDE web root)
sudo mkdir -p /var/lib/hm3/users
sudo mkdir -p /var/lib/hm3/attachments

# Give web server permission to write
sudo chown -R www-data:www-data /var/lib/hm3/
```

Edit these env variables accordingly in your .env file

```
USER_SETTINGS_DIR=/var/lib/hm3/users
ATTACHMENT_DIR=/var/lib/hm3/attachments
```

Step 5: Symlink ONLY the site/ directory to web root

```bash
# Symlink ONLY the site/ directory to web
sudo ln -s /usr/local/share/cypht/site /var/www/html/cypht
```

After this you can access your Cypht instance from http://example.com/cypht

Here is the full folder structure

```
/usr/local/share/cypht/          ← Source (NOT web accessible)
├── .env                         ← Your config (SAFE here)
├── .htaccess                    ← Extra protection
├── scripts/
├── modules/
├── lib/
└── site/                        ← Only this gets exposed!
    ├── index.php
    ├── site.js
    ├── site.css
    └── modules/

/var/www/html/
└── cypht → /usr/local/share/cypht/site   ← Symlink (web accessible)

/var/lib/hm3/                    ← File storage (NOT web accessible)
├── users/                       ← User settings files
└── attachments/                 ← Email attachments
```

Answering Your Specific Questions

Q1: "How can I set the .env file to be in a different place?"

  1. Placing the entire Cypht source outside your web root
  2. Only symlinking site/ to your web directory
  3. The env never enters the web-accessible path

Q2: "The website generator isn't working / creating a custom .env"

A: You're misunderstanding the tool! It's not supposed to create files. It's just a helper to show you the syntax, not an automated installer.

Q3: "Where will the app store things without the generator?"

A: The storage location is set in your .env file:

```
# User settings here
USER_SETTINGS_DIR=/var/lib/hm3/users
# Attachments here
ATTACHMENT_DIR=/var/lib/hm3/attachments
```
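The layout rules from the setup comment above (source tree outside the web root, only site/ symlinked, storage directories outside the web root) can be checked mechanically. The script below is an added example, not part of the thread and not Cypht's own code; the function names and finding labels are made up for illustration, and it assumes a POSIX shell with find and sed.

```shell
#!/bin/sh
# Added example, not Cypht project code. Checks whether a Cypht-style install
# keeps .env and the storage directories outside the web document root.
# Usage: sh <this-script> /usr/local/share/cypht /var/www/html

# Physical (symlink-resolved) path of a directory; fails if it does not exist.
real() { (cd "$1" 2>/dev/null && pwd -P); }

# Succeeds when physical path $1 is $2 itself or lies underneath it.
is_under() {
    case "$1/" in
        "$2"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# env_value FILE KEY: value of the last KEY=... line, surrounding quotes removed.
env_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# audit_layout SOURCE_DIR DOCROOT
# Prints one line per finding. Returns 0 if clean, 1 if anything sits in the
# document root, 2 on bad arguments. The ( ) body keeps variables local.
audit_layout() (
    src=$(real "$1") || { echo "ERROR: no such source dir: $1"; return 2; }
    docroot=$(real "$2") || { echo "ERROR: no such document root: $2"; return 2; }
    status=0

    # 1. .env files reachable below the document root. -L follows symlinks,
    #    so a symlinked source tree is caught as well as an uploaded copy.
    hits=$(find -L "$docroot" -type f -name '.env' 2>/dev/null)
    if [ -n "$hits" ]; then
        echo "$hits" | sed 's/^/IN DOCROOT (relies on .htaccess only): /'
        status=1
    fi

    # 2. Storage directories named in the source tree's .env.
    if [ -f "$src/.env" ]; then
        for key in USER_SETTINGS_DIR ATTACHMENT_DIR; do
            dir=$(env_value "$src/.env" "$key")
            [ -n "$dir" ] || { echo "UNSET: $key"; continue; }
            phys=$(real "$dir") || { echo "MISSING: $key=$dir"; continue; }
            if is_under "$phys" "$docroot"; then
                echo "IN DOCROOT: $key=$dir"
                status=1
            fi
        done
    else
        echo "NOTE: $src/.env not found (copy .env.example first)"
    fi
    return "$status"
)

# Run the audit when called with the two paths.
if [ "$#" -eq 2 ]; then
    audit_layout "$1" "$2"
fi
```

A finding from the first check does not mean the file is being served, only that nothing but the web server's .htaccess handling stands between it and a request.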

@IrAlfred commented on GitHub (Feb 17, 2026):

Please check the full documentation here: https://www.cypht.org/install/


@PeopleInside commented on GitHub (Feb 17, 2026):

Thanks, it is not working but I'm closing the issue. I am unable to use Cypht.


@IrAlfred commented on GitHub (Feb 17, 2026):

> Thanks, it is not working but I'm closing the issue. I am unable to use Cypht.

Please don't give up so easily...

Would you be available for a brief screenshare session?

The easiest way to coordinate is to send me (or @Baraka24) a Direct Message (DM) on Matrix:

  • https://matrix.to/#/@iralfred:gitter.im (@IrAlfred) or
  • https://matrix.to/#/@baraka24:gitter.im (@Baraka24)


@PeopleInside commented on GitHub (Feb 17, 2026):

Thank you for your help ♥️🥰😊
