zozbot234 11 hours ago

> Google also has historically treated API keys as non-secrets, except with the introduction of the keys for LLM inference, then users are supposed to treat those secretly

This was reported a long time ago, and was supposed to be fixed by Google via making sure that these legacy public keys would not be usable for Gemini or AI. https://news.ycombinator.com/item?id=47156925 https://ai.google.dev/gemini-api/docs/troubleshooting#google... "We are defaulting to blocking API keys that are leaked and used with the Gemini API, helping prevent abuse of cost and your application data." Why are we hearing about this again?

addandsubtract 10 hours ago

FWIW, I just created a new Gemini API key today, and it had a different format than my old ones (created 10 days ago). So maybe they changed something?

zozbot234 10 hours ago

A reply on OP's post states: "... We now generate Auth keys by default for new users (more secure key which didn’t exist when the Gemini API was originally created a few years ago) and will have more to share there soon. ..." So there is something new in that exact area but the details are forthcoming.

spiznnx 6 hours ago

I think brand new stuff is probably safe, but old keys that are currently being used for AI and non-AI stuff - if Google disables them for AI and it turns out it was actually not being exposed publicly, it could disrupt a user's production service relying on AI.

They messed up by allowing old keys to be used for both private and public APIs in the first place, but now it's difficult for them to undo that for existing keys.

PunchyHamster 11 hours ago

The topic is cost overruns. They still allow for cost overruns. What's so hard to comprehend?