Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hardcoded API Keys (Lines 71-75) #395

Open
nitish-yaddala opened this issue Nov 6, 2024 · 0 comments
Open

Hardcoded API Keys (Lines 71-75) #395

nitish-yaddala opened this issue Nov 6, 2024 · 0 comments

Comments

@nitish-yaddala
Copy link

trape/core/trape.py

Line 71 in 6baae24

if self.gmaps == '':

Security Concern: Hardcoded API keys (like gmaps and googl) pose a potential security risk, especially in public repositories.

Suggestion: Remove the hardcoded keys and use environment variables as a secure alternative. This change will make the code safer and prevent accidental exposure of sensitive information.

Code Suggestion:

self.gmaps = config_trape.get('gmaps_api_key', os.getenv("GMAPS_API_KEY", ""))
self.googl = config_trape.get('gshortener_api_key', os.getenv("GOOGL_API_KEY", ""))

Benefit: Using environment variables avoids the exposure of sensitive keys in the codebase and allows better configuration management across different environments.
@nitish-yaddala nitish-yaddala changed the title Hardcoded API Keys (Lines 71, 75) Hardcoded API Keys (Lines 71-75) Nov 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@nitish-yaddala