Secret key in your repository

[ppp-master-zz]

Hello,

I noticed that a secret key is in your code repository. Is it a valid key? The safest and recommended way of using the secret key is to encrypt it and store it directly on the server and decrypt it at runtime. That key is what identifies you with our servers at Omise, so it's very important for it to be kept securely. I recommend that you update your code to not include the key and then roll your key in your account in order to get one that has not been compromised.

You can find some more information about the different types of keys here: https://docs.omise.co/api/authentication/

I hope this helps, Cheers!

Francois - Omise.co

[wingyplus]

@ppp-master no both secret & public keys in unittest is not a valid keys. I make take this for my understand of code. I understand user must be use keys from omise server.

Thank you for your help. :)

[ppp-master-zz]

Alright then, false alarm :smile: May I suggest changing its value to something obvious (e.g. "skey_test_123456789") ? That would make it clear to people like me - who are not familiar with Go - that the key is just a dummy value.

By the way, glad to see activity and libraries being built around our API! Keep it up! Do not hesitate to contact us if you have any question or remark.

[wingyplus]

Thank you for your suggested. I change it and close this issue tonight. :)

On Fri Dec 12 2014 at 9:24:25 AM Francois Gaspard notifications@github.com wrote:

Alright then, false alarm [image: :smile:] May I suggest changing its value to something obvious (e.g. "skey_test_123456789") ? That would make it clear to people like me - who are not familiar with Go

• that the key is just a dummy value.

By the way, glad to see activity and libraries being built around our API! Keep it up! Do not hesitate to contact us if you have any question or remark.

— Reply to this email directly or view it on GitHub https://github.com/wingyplus/go-omise/issues/1#issuecomment-66723704.