API Key Disappearing From My Account

I am having a problem with my API key disappearing. I believe it is disappearing after I use it. I have a website published on GitHub that uses a secured OpenAI API key. However, after using the app, the API key disappears from my account for some reason.

Hi and welcome to the developer forum!

If you upload an API key to a GitHub repo, it will automatically get disabled as a security measure.

Your API keys should be treated like credit card numbers, i.e. keep them private.

1 Like

You can’t post your API key or the AI will flag it and remove it, so next time you want to post your API, don’t put your API key on github.com …there free anyone individual API keys where the API key goes you put like say “api key here” for the API key to make it easier

Then what’s the solution? I used GitHub secrets to store the API key and GitHub Actions to use it.

What language is your app and where is it deployed? Typically you would set the key as an environment variable or in a .env file on your production server only.

1 Like

It’s a website app using Vite + React.

But now I made an API placeholder to set your own API to use the app.

If you’re building a front-end/client-side app it is best to have your own backend API server that you securely call. Your backend code would then have your API key stored as an environment variable or in some other secure fashion.

Thanks for the info! I’ve solved the problem. I was using GitHub Actions incorrectly.

For those who are curious, I was using GitHub Actions to pull GitHub secrets, which is the API key. I was using a method that took the API key and created a .env file to store it. This caused OpenAI to delete the API because it could be viewed by anyone.

The solution was to use the env: method in the GitHub Actions .yml file to use the API. This method keeps the API key secure and prevents it from being viewed by anyone.

Here’s an example of what I did:

env:
  OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}

I don’t know if this is the best way to secure the API Key but it’s working for me perfectly.

All depends on what happens with that value at compile time, if it gets converted into an environment link, i.e. a call to the OS to pull the key from the local env file. However, if that gets converted into the API key string at compile time then your application still has the key in plaintext.

I was wrong about what I did; the API key got deleted, but it took longer than before to get deleted.

You can use 1Password to store your API key and retrieve it from GitHub Action.

Or you can keep your API keys to yourself and never risk them being leaked and banned.

Hi @omarQ8
Does the API key deletion happen even if you use a private repository, or only if you are using a public repository?

See GitHub’s documentation on this: Secret scanning patterns - GitHub Docs

Regardless of public/private, don’t ever store secrets in Git. Use environment variables in your local and production applications. Store the keys in a password manager to keep track of them.

2 Likes
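
The concern raised in the thread, that a key converted into a string at compile time ships in plaintext with the front-end bundle, can be checked before each deploy. The script below is an added example, not code from any poster in this thread: it scans build output for the secret's exact value or for a key-shaped string. The `sk-` pattern is a heuristic, and the `BUNDLE_DIR` variable and `check-bundle.js` file name are assumptions.

```javascript
// Added example, not code from the thread. Heuristic: OpenAI-style keys start with "sk-".
const KEY_PATTERN = /sk-[A-Za-z0-9_-]{20,}/g;
const mask = (s) => s.slice(0, 5) + "..." + s.slice(-2); // never print the full key

// Constructed sample: one bundle with a key substituted in at build time,
// one bundle that only calls the app's own backend.
const SAMPLE = {
  "dist/assets/index-leaky.js":
    'fetch(u,{headers:{Authorization:"Bearer sk-EXAMPLEconstructed0000000000"}})',
  "dist/assets/index-proxy.js": 'fetch("/api/chat",{method:"POST",body:b})',
};

// files: { path: content }. knownSecrets: exact values to search for (e.g. the CI secret).
function findLeaks(files, knownSecrets = []) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    for (const secret of knownSecrets) {
      if (secret && text.includes(secret))
        findings.push({ path, reason: "known secret value", sample: mask(secret) });
    }
    for (const m of text.matchAll(KEY_PATTERN)) {
      if (!knownSecrets.includes(m[0]))
        findings.push({ path, reason: "key-shaped string", sample: mask(m[0]) });
    }
  }
  return findings;
}

// Read a build directory recursively into { path: content }.
async function readTree(dir) {
  const fs = await import("node:fs/promises");
  const { join } = await import("node:path");
  const out = {};
  for (const e of await fs.readdir(dir, { withFileTypes: true })) {
    const p = join(dir, e.name);
    if (e.isDirectory()) Object.assign(out, await readTree(p));
    else out[p] = await fs.readFile(p, "utf8");
  }
  return out;
}

// CI step after the build: BUNDLE_DIR=dist node check-bundle.js (hypothetical names).
// Exit code 1 blocks the deploy; a read error also fails the step.
if (process.env.BUNDLE_DIR) {
  readTree(process.env.BUNDLE_DIR).then((files) => {
    const found = findLeaks(files, [process.env.OPENAI_API_KEY]);
    found.forEach((f) => console.error(`${f.path}: ${f.reason} (${f.sample})`));
    process.exitCode = found.length ? 1 : 0;
  });
}
```

A clean result only means the key is not in the files that were scanned; a key that the browser needs at runtime is still visible to every visitor, which is why the thread recommends calling your own backend instead.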