Closed supunnadeera closed 9 months ago
The idea to store the key in environment variables is interesting and gives a new layer of security, but it makes maintenance difficult. Wouldn't it be better to use a cryptography method to encrypt this key in a local file?
Hey all, as a security guy I love the thinking here. But I think it's common practice to store keys in .env, and as long as those aren't uploaded to public places I think we're ok for now. Thank you.
Description: The current implementation directly reads the OpenAI API key from a file in the Setup class in client/utils.py. This can be a potential security risk as the key is stored in plain text. Additionally, as a user, I already have the OpenAI API key stored as an environment variable, so it is inconvenient to generate a new API key and paste it into the code.

Proposed Changes: 1) Modify the Setup class to set the API key as an environment variable (OPENAI_API_KEY) instead of writing it to a file. 2) Directly use OpenAI() without manually setting the API key, as OpenAI() can infer the API key from the environment variables.
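One way the key lookup proposed in this issue could look, as an added example that is not the project's own code: the environment variable wins, a leftover key file is accepted only when it is private to its owner, and the key is never written back to disk. The function names, the `KeyConfigError` class and the `api_key.txt` path are hypothetical; only `OPENAI_API_KEY` comes from the issue.

```python
import os
import stat
from pathlib import Path

ENV_VAR = "OPENAI_API_KEY"  # variable name taken from the issue text


class KeyConfigError(RuntimeError):
    """Raised when no acceptable key source is available (hypothetical name)."""


def load_api_key(environ=os.environ, legacy_file=None):
    """Return (key, source). Prefer the environment; accept a legacy key
    file only if it is private to its owner. Never writes the key anywhere."""
    key = environ.get(ENV_VAR, "").strip()
    if key:
        return key, "environment"
    if legacy_file is not None:
        path = Path(legacy_file)
        if path.is_file():
            mode = stat.S_IMODE(path.stat().st_mode)
            # Refuse a key file that group or others can read or write (POSIX).
            if os.name == "posix" and mode & 0o077:
                raise KeyConfigError(
                    f"{path} has mode {mode:03o}; chmod 600 it or use {ENV_VAR}")
            key = path.read_text(encoding="utf-8").strip()
            if key:
                return key, "legacy file"
    raise KeyConfigError(f"{ENV_VAR} is not set and no usable key file was found")


def redact(key):
    """Form of the key that is safe to print in logs."""
    return key[:3] + "..." + key[-4:] if len(key) > 12 else "***"


if __name__ == "__main__":
    try:
        # "api_key.txt" is a hypothetical legacy path, not the project's.
        key, source = load_api_key(legacy_file="api_key.txt")
        print(f"using key {redact(key)} from {source}")
        # With the variable exported, the issue's second proposal applies:
        # OpenAI() is constructed with no arguments.
    except KeyConfigError as exc:
        print(f"configuration error: {exc}")
```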