| ▲ | tuvistavie 2 hours ago | |
I think having API keys for some third-party services (whatever LLM provider, for example) in a .env file to be able to easily run the app locally is pretty common. Even if they are dev-only API keys, still not great if they leak. | ||
| ▲ | endofreach an hour ago | parent [-] | |
If you can't trust the "agent" with a secret to the LLM which is practically like access to its runtime, what the hell... others propose mitming yourself... All of this does seem kinda funny | ||