-
-
Notifications
You must be signed in to change notification settings - Fork 702
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: get api key from OPENAI_API_KEY environment variable #62
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is your personal API Key. For security reason, it should stay private.
Yeah that's the point, if you read from environment variables, you don't have to write it to file an unencrypted file, which is the current behaviour. |
Hi @loiccoyle, thank you for the PR. While the suggestion make sense, it will not allign with comming changes, since we are planing to add option |
But you don't need to set a new environment variable. The way I see it is if the user has the This PR doesn't break the current implementation of prompting and writing it to file if the variable is not set. So I think the upcoming I opened this PR because I use a few chatgpt integrations (https://github.com/not-poma/lazyshell, https://github.com/jackMort/ChatGPT.nviml) and they all read the Edit: bad links |
I meant |
@eric-glb These changes might be interesting for you 🙂 We would be able to pass |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As a client, why do I need such a vulnerability in this software? I still don't believe this change is necessary implementation.
--reset-key
is a better alternative in situations where you would like to control API directly.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add changes in README.md, metion the optional env api key setup in Installation section.
What vulnerability? Writing an active API key to an unencrypted file? |
Sounds good, I'll do it shortly. |
This just seems like a vulnerability, is there any way to regulate something more secure before adding this PR? |
This is a common way to store keys on the system. And it doesn't cancel implementation of |
I'll manage the docker part once the (Edit: grammar and more details). |
FYI: I already added the instructions to the readme. |
I would remove api key volume, and use env variable instead. Plus README.md updates. |
#63, feel free to modify as you wish ^^ |
Try to get the api key from the OPENAI_API_KEY environment variable before prompting user.
This also avoids storing active api keys in unencrypted text files.