Open PapaPablo opened 4 days ago
To be a bit more specific, one exposed (I think) API key I found is located here, but I didn't review the project thoroughly, so there might be more I am not aware of, or this key might not be an actual live key (in that case, like I said, it is safe to ignore this issue).
I noticed that this repository has exposed several API keys for AI services, like OpenAI.
Exposing API keys, especially those associated with an account that has active billing, poses a significant risk. Unauthorized users could exploit these keys to access the services, resulting in unexpected charges for the original key holder.
In order to address this, the key holder should delete the exposed keys on the service side (in the case of OpenAI), then generate fresh API keys and use those instead.
In order to use the keys without exposing them in the open-source code, environment variables or a configuration file that is not pushed to the repo should be used.
If these keys are no longer active, this issue can be safely ignored and closed; otherwise, please address this problem, as it could lead to serious financial issues if the keys get hijacked by bad actors.