Security Tips
Protect your API keys and user data.
API Key Security
✅ DO:
- Store keys in environment variables
- Use secret managers (AWS Secrets, HashiCorp Vault)
- Rotate keys periodically
- Use separate keys per environment

❌ DON'T:
- Commit keys to GitHub
- Hardcode keys in source code
- Share keys in Slack/messages
- Use keys client-side

Environment Variables
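```
# .env (add to .gitignore)
GLOBAL_API_KEY=ga_xxxxxxxxxxxx
```

```python
import os

from openai import OpenAI

client = OpenAI(
    # Index os.environ directly so a missing key fails fast with KeyError;
    # .get() would pass None and the SDK would fall back to OPENAI_API_KEY.
    api_key=os.environ["GLOBAL_API_KEY"],
    base_url="https://global-apis.com/v1",
)
```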
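The "don't commit" and "don't hardcode" rules above can be checked automatically before a commit. The following is an added example, not code from this page or its provider: it flags literal keys in source files and a `.env` that `.gitignore` does not cover. The key pattern (`ga_` plus 12 or more alphanumerics), the function names and the sample repository are assumptions made for illustration.

```python
import fnmatch
import re

# Assumed key shape: the page shows only the placeholder "ga_xxxxxxxxxxxx", so
# "ga_" plus 12 or more alphanumerics is a guess. Adjust to the real format.
KEY_RE = re.compile(r"\bga_[A-Za-z0-9]{12,}\b")


def scan_source(text: str) -> list[tuple[int, str]]:
    """Return (line number, redacted key) for each literal key found in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for key in KEY_RE.findall(line):
            if set(key[3:]) == {"x"}:
                continue  # all-x documentation placeholder, not a real key
            # Redact so the report itself never repeats the secret.
            findings.append((lineno, key[:3] + "*" * (len(key) - 5) + key[-2:]))
    return findings


def env_is_ignored(gitignore_text: str) -> bool:
    """Approximate git's rule for a root-level .env: the last matching pattern wins."""
    ignored = False
    for pattern in map(str.strip, gitignore_text.splitlines()):
        if not pattern or pattern.startswith("#"):
            continue
        if fnmatch.fnmatchcase(".env", pattern.lstrip("!").lstrip("/")):
            ignored = not pattern.startswith("!")
    return ignored


def audit(files: dict[str, str]) -> list[str]:
    """Check a {path: content} mapping for an unignored .env and hardcoded keys."""
    report = []
    if ".env" in files and not env_is_ignored(files.get(".gitignore", "")):
        report.append(".env is present but not covered by .gitignore")
    for name, text in files.items():
        if name != ".env":  # keys belong in .env; the .gitignore check covers it
            report += [f"{name}:{n}: hardcoded key {k}" for n, k in scan_source(text)]
    return report

# Constructed sample repository (the key value is made up).
SAMPLE = {
    ".gitignore": "__pycache__/\n*.log\n",
    ".env": "GLOBAL_API_KEY=ga_Zq7Lm2Xc9Rt4Vb8N\n",
    "bad.py": 'import os\nkey = os.environ.get("GLOBAL_API_KEY", "ga_Zq7Lm2Xc9Rt4Vb8N")\n',
    "docs.md": "GLOBAL_API_KEY=ga_xxxxxxxxxxxx\n",
}
```

Calling `audit(SAMPLE)` reports the unignored `.env` and the hardcoded fallback default in `bad.py`, while the all-x placeholder in `docs.md` is skipped.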
Rate Limiting
- Check `X-RateLimit-Remaining` headers
- Implement client-side throttling
- Use queues for batch processing