Open zioalex opened 1 week ago
Hi Sanjai, what do you mean that it is a public key? Can you please explain it? It is used to send the telemetry to PostHog.
On Wed, 4 Sept 2024, 10:22 Sanjai Kumar wrote:
Hey @zioalex https://github.com/zioalex, thank you for being security conscious and creating this issue. However, the posthogApiKey is a public key, which means keeping the key open in the codebase is fine.
I have checked the following:
Describe the bug
Looking in the code I found that you store PostHog ApiKey in code in the files:
- packages/bruno-app/src/providers/App/useTelemetry.js
- packages/bruno-app/src/components/Sidebar/GoldenEdition/index.js
Not sure if such a key is still valid, but surely it shouldn't be there in clear text.
.bru file to reproduce the bug
No response
Screenshots/Live demo link