| ▲ | tadfisher 6 days ago |
| But do you still store your GH API private key in environment variables? |
|
| ▲ | curuinor 6 days ago | parent [-] |
| hey, this is Howon from CodeRabbit. We use a cloud-provider-provided key vault for application secrets, including GH private key. |
| |
| ▲ | musicnarcoman 6 days ago | parent | next [-] | | So the CodeRabbit application with access to application secrets still runs in the same virtual machine as untrusted code from the outside? | |
| ▲ | megamorf 5 days ago | parent | prev [-] | | Howon, you can stop posting that canned response. It's not helping the discussion in any way and matches the lack of detail the other commenters have pointed out. |
|
