I noticed that your current Q&A functionality directly includes your Gemini API key in the frontend JS code. To keep your API key safe, you could maybe do the following:
Remove the hardcoded API key from the frontend. Store it as an environment variable in whatever hosting platform you are using.
Create a backend endpoint for requests to the Gemini API (the frontend can interact with the backend without exposing the key).
Update the frontend JS code to fetch data through the backend endpoint (thus no direct calls to the Gemini API).
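As an added example (not the project's own code, and not part of the original post): a minimal JavaScript version of that split. The key is read from an environment variable on the server and only ever appears in the server-to-Gemini request; the browser talks to a backend route. The GEMINI_URL, header name and JSON shapes below are assumptions to check against the current Gemini docs, and fetchImpl is injectable so the logic can be exercised offline.

```javascript
// Assumed Gemini endpoint shape; verify against the current Gemini API docs.
const GEMINI_URL =
  "https://generativelanguage.googleapis.com/v1beta/models/gemini-1.5-flash:generateContent";

// Server side: asks Gemini on behalf of the browser. apiKey comes from
// process.env.GEMINI_API_KEY on the host, never from frontend code.
async function askGemini(question, apiKey, fetchImpl = globalThis.fetch) {
  // Basic input validation so the backend is not an open relay for any payload.
  if (typeof question !== "string" || !question.trim() || question.length > 2000) {
    throw new Error("invalid question");
  }
  const res = await fetchImpl(GEMINI_URL, {
    method: "POST",
    headers: { "Content-Type": "application/json", "x-goog-api-key": apiKey },
    body: JSON.stringify({ contents: [{ parts: [{ text: question }] }] }),
  });
  if (!res.ok) throw new Error(`upstream status ${res.status}`);
  const data = await res.json();
  // Return only the answer text, never the raw upstream payload or the key.
  return data.candidates?.[0]?.content?.parts?.[0]?.text ?? "";
}

// Backend endpoint logic for POST /api/ask with body {"question": "..."}.
// Returns {status, body} so any framework (Express, a serverless function)
// can wrap it. Errors collapse to a generic message so nothing upstream leaks.
async function handleAsk(rawBody, apiKey, fetchImpl = globalThis.fetch) {
  try {
    const { question } = JSON.parse(rawBody);
    const answer = await askGemini(question, apiKey, fetchImpl);
    return { status: 200, body: { answer } };
  } catch (err) {
    return { status: 400, body: { error: "request failed" } };
  }
}

// Frontend side: the browser calls only the backend route; no key is present.
async function askViaBackend(question, fetchImpl = globalThis.fetch) {
  const res = await fetchImpl("/api/ask", {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ question }),
  });
  const data = await res.json();
  if (!res.ok) throw new Error(data.error ?? "request failed");
  return data.answer;
}
```

Wire handleAsk into whatever host runs the backend (e.g. a small Node app or a serverless function) with `process.env.GEMINI_API_KEY`, and ship only askViaBackend with the static site.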
To host this website with GitHub Pages it has to be a static website, so adding a backend will require hosting that backend somewhere else, which is extra work.
The Gemini API is free of charge for everyone up to some limit, and no credit card is connected to it, so there is nothing to lose.
I agree it's a bad practice, and people should avoid it.