jnds2197 / gemini_desktop_gui

A Desktop GUI for Gemini, Google's large language model based chatbot. It uses customtkinter as the main library.

API key leak in main.py #1

Closed HyperNylium closed 1 month ago

HyperNylium commented 1 month ago

Hello,

Just wanted to let you know you have your Gemini API key in plain text in your codebase (main.py line 5).

If the API key is still active, I would recommend rotating your key and possibly revoking the current key as bad actors might use it and you'll be paying for the API usage costs (has happened before).

I would suggest making a .env file with a variable like "GEM_API_KEY" that stores the key as a string. Then when the app starts up, read the variable from the file and store it in a variable within your running environment. After that, make a ".gitignore" file and add the ".env" file in there to ignore. And just like that, no more API key leaks ;)
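
The setup suggested in the comment above, as an added example that is not part of the original comment or the repository's code: load `GEM_API_KEY` from a `.env` file at startup, fail early if it is missing, and check that `.gitignore` lists `.env`. The function names are hypothetical, and the small standard-library parser stands in for a package such as python-dotenv so the block runs with no dependencies.

```python
import os
from pathlib import Path

KEY_NAME = "GEM_API_KEY"  # variable name suggested in the comment above


def load_env_file(path=".env"):
    """Parse KEY=VALUE lines from a .env file into os.environ.

    Variables already set in the real environment win, so a deployment
    can override the file without editing it.
    """
    env_path = Path(path)
    if not env_path.is_file():
        return {}
    loaded = {}
    for raw in env_path.read_text(encoding="utf-8").splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # skip blanks, comments and malformed lines
        name, _, value = line.partition("=")
        name, value = name.strip(), value.strip()
        # Drop one pair of matching surrounding quotes, if present.
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        loaded[name] = value
        os.environ.setdefault(name, value)
    return loaded


def get_api_key(env_file=".env"):
    """Return the key, or stop at startup with a message that contains no secret."""
    load_env_file(env_file)
    key = os.environ.get(KEY_NAME, "").strip()
    if not key:
        raise RuntimeError(f"{KEY_NAME} is not set; add it to {env_file}")
    return key


def env_is_gitignored(gitignore=".gitignore", env_name=".env"):
    """True if .gitignore has a literal entry for the .env file.
    Simplified check: no glob or negation handling."""
    path = Path(gitignore)
    if not path.is_file():
        return False
    entries = {l.strip().lstrip("/") for l in path.read_text().splitlines()}
    return env_name in entries
```

Moving the key into `.env` does not remove it from commits that already contain it, so the key rotation recommended above is still needed.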

jnds2197 commented 1 month ago

thank you bradder