Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to hide the openAI api key ? #11

Open
AlexDoutsinis opened this issue Jul 21, 2023 · 2 comments
Open

How to hide the openAI api key ? #11

AlexDoutsinis opened this issue Jul 21, 2023 · 2 comments

Comments

@AlexDoutsinis
Copy link

I see that this library is built to run entirely on the client side. If so, how can we hide the API key? Doesn't this introduce security issues?
@hamish-later
Copy link

It looks like you have the option of providing a custom embedding function which could hit a backend server handling all your requests to OpenAI and returning of the embeddings:

vector-storage/src/VectorStorage.ts

Line 22 in d53f06a

this.embedTextsFn = options.embedTextsFn ?? this.embedTexts; // Use the custom function if provided, else use the default one

@ccfontes
Copy link

ccfontes commented Dec 7, 2023

lgtm to have the option, but maybe hitting a backend server to handle requests to OpenAI should be the default with option to override with direct request to OpenAI instead. See: https://platform.openai.com/docs/api-reference/authentication

Remember that your API key is a secret! Do not share it with others or expose it in any client-side code (browsers, apps). Production requests must be routed through your own backend server where your API key can be securely loaded from an environment variable or key management service.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ccfontes @AlexDoutsinis @hamish-later