Open brentbaum opened 1 year ago
I'm new to this. What do you mean by using a proxy?
@johannbuscail
Taken from https://platform.openai.com/docs/api-reference/authentication:
Remember that your API key is a secret! Do not share it with others or expose it in any client-side code (browsers, apps). Production requests must be routed through your own backend server where your API key can be securely loaded from an environment variable or key management service.
This is begging to encourage beginners to publish their OpenAI secret keys in client-side JavaScript, leaking them. It feels responsible to add a banner in the README to note the security risk & recommend they use a proxy when pushing the application into production.
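
To illustrate the "proxy" the quoted OpenAI guidance refers to, here is an added sketch of the server-side piece (not from this thread or the project's code): the browser sends only chat messages to your backend, and the backend attaches the key from its environment. The function names, the `OPENAI_API_KEY` and `OPENAI_MODEL` variable names, and the size limits are assumptions.

```javascript
// Added example (not project code). Runs server-side only: the browser calls
// this backend, and only the backend ever holds the OpenAI key.
const UPSTREAM_URL = "https://api.openai.com/v1/chat/completions";
const MAX_MESSAGES = 20;         // assumed limits, tune for your app
const MAX_CONTENT_CHARS = 4000;

// Build the upstream request from untrusted client JSON plus server-side env.
function buildUpstreamRequest(clientBody, env) {
  const apiKey = env.OPENAI_API_KEY; // from the environment, never from the client
  if (!apiKey || !env.OPENAI_MODEL) {
    throw new Error("OPENAI_API_KEY and OPENAI_MODEL must be set on the server");
  }
  const messages = clientBody && clientBody.messages;
  if (!Array.isArray(messages) || messages.length === 0 || messages.length > MAX_MESSAGES) {
    throw new RangeError("messages must be an array of 1.." + MAX_MESSAGES + " items");
  }
  // Copy only the fields we allow; anything else the client sent is dropped.
  const safeMessages = messages.map((m) => {
    if (!m || !["user", "assistant"].includes(m.role) || typeof m.content !== "string") {
      throw new TypeError("each message needs role user|assistant and string content");
    }
    return { role: m.role, content: m.content.slice(0, MAX_CONTENT_CHARS) };
  });
  return {
    url: UPSTREAM_URL,
    init: {
      method: "POST",
      headers: { "Content-Type": "application/json", Authorization: "Bearer " + apiKey },
      // The model is pinned by the server so a client cannot choose another one.
      body: JSON.stringify({ model: env.OPENAI_MODEL, messages: safeMessages }),
    },
  };
}

// Forward the request and return only status and JSON; the key never leaves here.
// Call this from your backend route handler with env = process.env.
async function proxyChat(clientBody, env, fetchImpl = fetch) {
  const { url, init } = buildUpstreamRequest(clientBody, env);
  const upstream = await fetchImpl(url, init);
  return { status: upstream.status, body: await upstream.json() };
}
```

A production deployment would also authenticate and rate-limit callers of this backend route, since an open proxy still lets anyone spend your quota.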