jackMort / ChatGPT.nvim

ChatGPT Neovim Plugin: Effortless Natural Language Generation with OpenAI's ChatGPT API
Apache License 2.0
3.75k stars 312 forks source link

I'm an idiot - try not to get your OpenAI key revoked by posting config to a public repository like github #67

Closed TC72 closed 1 year ago

TC72 commented 1 year ago

Not complaining as this is all my fault but I decided to start using chezmoi to make moving to a new machine easier. Had the super smart idea of storing my neovim config on a public github repository. Not sure how OpenAI knew as I can't see any charges or use on my account but it took them about a day to find out I'd been dumb enough to do this.

Anyway, I'll give OpenAI the floor and hope anyone reading this has a good laugh at just how stupid I am. (and yes my repository is now private as it should have been because I'm not some fancy coder who has followers that need to copy my config.)

Hi there,
Your OpenAI API key was determined to have been leaked, which has triggered a key rotation and this friendly notification email.
This may be because you committed your API key to an online service such as GitHub, or your key may have been compromised in another way.
Don't worry, you still have API access! Head over to the API Keys page to view your updated API key.
If your API key was stored in any locations - for instance, in code you are running - it will need to be updated before you can run this code again.
Finally, we ask that you please review our best practices for API key safety.
Best,
The OpenAI team
thenbe commented 1 year ago

Not sure how OpenAI knew

I was intrigued as well and found this:

https://docs.github.com/en/code-security/secret-scanning/secret-scanning-patterns#supported-secrets-for-partner-alerts

You can also enable the feature for your own repo if you decide to make it public again.