Open fpreiss opened 1 month ago
that's not how api keys are supposed to work! lol. i mean it is using environment variables which is a good start, but the dev putting their own api key into the python notebooks is enough of a red flag for me to nope nope nope outta here.
the correct thing to do is pull the environment variable values and if it's empty or a bad key, print a helpful error message and exit, not just hammer the api when it's returning 401 until the server craps out.
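An added example, not part of the thread or of the repository's code, showing the fail-fast handling this comment describes: a missing key or a 401/403 stops the program with a clear message, and only transient errors are retried. The variable name `GROQ_API_KEY`, the function names and the URL passed by the caller are assumptions.

```python
import os
import sys
import time
import urllib.error
import urllib.request

ENV_VAR = "GROQ_API_KEY"  # assumed variable name; the thread does not state it


class ApiKeyError(RuntimeError):
    """The key is missing or was rejected; retrying cannot fix this."""


def load_api_key(environ=os.environ):
    """Return the key from the environment or raise with an actionable message."""
    key = environ.get(ENV_VAR, "").strip()
    if not key:
        raise ApiKeyError(f"{ENV_VAR} is not set. Export your own key before running.")
    return key


def call_api(url, key, opener=urllib.request.urlopen, max_attempts=3, delay=1.0):
    """Call the API, retrying transient HTTP errors but never a 401/403."""
    request = urllib.request.Request(url, headers={"Authorization": f"Bearer {key}"})
    last_error = None
    for attempt in range(1, max_attempts + 1):
        try:
            with opener(request) as response:
                return response.read()
        except urllib.error.HTTPError as err:
            if err.code in (401, 403):
                # Authentication failure: stop at once instead of hammering the API.
                raise ApiKeyError(f"API rejected the key in {ENV_VAR} (HTTP {err.code}).") from err
            last_error = err  # e.g. 429 or 5xx: worth another attempt
            if attempt < max_attempts:
                time.sleep(delay * attempt)  # simple linear backoff
    raise RuntimeError(f"giving up after {max_attempts} attempts") from last_error


def main(url):
    """Entry point: exit with a readable error when the key is the problem."""
    try:
        return call_api(url, load_api_key())
    except ApiKeyError as err:
        sys.exit(f"error: {err}")
```
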
Looking at the git logs, everything was coded within a single day. In a competitive setting (Meta Llama 3 Hackathon) it is inevitable for corners to get cut. I'm still glad the result is open source.
the commented out key in the notebook should probably be removed from both the notebook and the GROQ console, since it is still a valid key
I don't think it's a major issue as of now but should be handled in a better way
I discovered three different hard-coded API keys for Groq in multiple locations within the repository. The affected files are:
scratch.ipynb
server.py
watch-api.ipynb
notebooks/data_loading_processing.ipynb
src/watch_utils.py
The API keys identified start with the following prefixes:
I believe these keys were not intended to be exposed publicly. If these API keys are indeed meant for public use, please confirm.