Each year the number of leak of secrets (API key, Cloud based service secrets) detected in git repositories, especially PUBLIC ones is constantly raising. This means that people leaks more secret every year.
This is a subject I really care about and I always suggests that the best way to avoid this problem is completely avoid writing secrets in a file that is contained in a repository. All secrets file should be contained in parent directories that are outside of any repository.
Since AI is a hot topic in these days, you absolutely need to keep your OPENAI key or Azure OpenAI service key outside of your repository. In this video I'll explain how to to this with a super simple and common python library.
▬ Contents of this video ▬▬▬▬▬▬▬▬▬▬
00:00 - Introduction to Credential Leakage in GitHub Repositories
00:35 - The Risk of Leaking API Keys in Public Repositories
00:58 - Best Practices to Avoid Accidental Credential Leakage
01:22 - Using Python.env Library to Secure Credentials
02:03 - Placing .env File Outside of Git Repository for Security
02:50 - Sharing .env File Across Multiple Projects
03:03 - Loading and Verifying .env File in Python
03:37 - Ensuring Sensitive Settings are Outside Git-Controlled Folders
04:01 - Importance of Not Including Secrets in Repository Files
04:12 - Implementing .env Solution in C-sharp
29 июл 2024
