Hello,
Just wanted to let you know you have your Gemini API key in plain text in your codebase (main.py line 5).
If the API key is still active, I would recommend rotating your key and possibly revoking the current key, as bad actors might use it and you'll be paying for the API usage costs (has happened before).
I would suggest making a .env file with a variable like "GEM_API_KEY" that stores the key as a string. Then when the app starts up, read the variable from the file and store it in a variable within your running environment. After that, make a ".gitignore" file and add the ".env" file in there to ignore. And just like that, no more API key leaks ;)
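
The steps suggested above, as an added Python example that is not part of the original issue or the project's code: it reads `GEM_API_KEY` from a `.env` file at startup, refuses to start without it, and checks that `.gitignore` lists the file. The function names and the sample values are assumptions made for illustration.

```python
import os
from pathlib import Path

def parse_env(text):
    """Parse KEY=VALUE lines; skip blanks and # comments; strip matching quotes."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        values[key] = value
    return values

def load_env(path=".env", environ=os.environ):
    """Copy values from the .env file into the environment without overriding
    variables that are already set (e.g. by the hosting platform)."""
    p = Path(path)
    if p.is_file():
        for key, value in parse_env(p.read_text()).items():
            environ.setdefault(key, value)

def require_key(name="GEM_API_KEY", environ=os.environ):
    """Return the key or fail at startup; there is no hardcoded fallback."""
    value = environ.get(name, "").strip()
    if not value:
        raise RuntimeError(f"{name} is not set; add it to .env or the environment")
    return value

def gitignore_covers_env(gitignore_text):
    """True if .gitignore has a plain entry that ignores the .env file."""
    entries = {line.strip() for line in gitignore_text.splitlines()}
    return bool(entries & {".env", "/.env", "*.env", ".env*"})

if __name__ == "__main__":
    # In main.py the startup sequence would be: load_env(); key = require_key()
    # Constructed sample below (not a real key) so the demo runs without a .env file.
    env = parse_env('GEM_API_KEY="constructed-placeholder-value"\n')
    key = require_key(environ=env)
    print("key loaded, length:", len(key))  # log the length, never the key itself
    print(".env ignored:", gitignore_covers_env("__pycache__/\n.env\n"))
```

Adding `.env` to `.gitignore` only keeps future commits clean; the key already committed in `main.py` stays in the repository history, which is why rotating it comes first.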