API Key Security

  • Resolved dtolken

    (@dtolken)


    1 year, 7 months ago

    Hi Jordy

    I think you should obfuscate / star out the api keys once they are added to the settings screen. I’m seeing usage that’s not mine and worried a colleague or rogue previous developer stole one of my keys.

    I have suggested to OpenAI that they add security so that keys can be tied to specific IPs or domains which would also help, but still trying to find the source of the ‘leak’ and this is all I can think of currently.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Jordy Meow

    (@tigroumeow)

    Hi @dtolken,

    I could make it so that the input text is of the password type, and we will not see the API KEY visually. However, there will be always a way to see it; it’s in the options, in the database. So if you have a developer working for you, or an admin, they can definitely get access to it.

    Another way would be to use my filters to add it dynamically through your code, and you could read the key from a file… but even that, a developer could get access to it.

    Thread Starter dtolken

    (@dtolken)

    Thanks, I think just making it like a password field would be a good first step, but get your point.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘API Key Security’ is closed to new replies.

Tags