OPEN_API_KEY - Secret vs Variable

anc95 / ChatGPT-CodeReview

🐥 A code review bot powered by ChatGPT

https://github.com/apps/cr-gpt

ISC License

3.77k stars 361 forks source link

OPEN_API_KEY - Secret vs Variable #69

Closed Olshansk closed 1 year ago

Olshansk commented 1 year ago

Is there any reason why the OPEN_API_KEY is intended to be a variable rather than a secret? I think the latter would be more secure and achieves the same thing.

anc95 commented 1 year ago

If you are using Github action way, it is preferable to store OPEN_API_KEY as a secret. However, for Github App, accessing the secrets value is forbidden. Therefore, as a workaround, it is recommended to store OPEN_API_KEY in a variable.

Olshansk commented 1 year ago

Understood and makes sense. I've removed the app and am only using the workflow now. Thank you for the explanatino!