this post was submitted on 22 Sep 2023
18 points (95.0% liked)

appsec

331 readers
1 users here now

A community for all things related to application security.

founded 1 year ago
MODERATORS
laszlok@infosec.pub
18
GitHub Copilot, Amazon Code Whisperer emit people's API keys (www.theregister.com)
submitted 1 year ago by N7x@infosec.pub to c/appsec@infosec.pub
11 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] CameronDev@programming.dev 0 points 1 year ago

I think, and i could be wrong, but you should be storing them in a password manager style service, and then have your application pull them out.

Which is just commiting the keys with extra steps I guess :/