Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

VULNERABILITY WARNING - Eleven labs api key exposed to client side. KEY SHOULD NOT BE PUBLIC #15

Open
Pascaltib opened this issue Aug 19, 2024 · 3 comments
Open

VULNERABILITY WARNING - Eleven labs api key exposed to client side. KEY SHOULD NOT BE PUBLIC #15

Pascaltib opened this issue Aug 19, 2024 · 3 comments

Comments

@Pascaltib
Copy link

A request is made using process.env.NEXT_PUBLIC_ELEVENLABS_API_KEY on the client. This is not a public key. This api key should only be used in the backend. Elevenlabs does not have a way to make requests from the client yet.

You can very easily steal the api key from the inspector network tab.

If you have exposed this api key I suggest you rotate it.

This request needs to be made from the backend moving forward.
@ntegrals
Copy link
Owner

Very good and important point! I've already added this to my to-dos 🙏

@kfern
Copy link

kfern commented Aug 26, 2024

@ntegrals Why are you closing it? It's not solved

@ntegrals ntegrals reopened this Aug 26, 2024
@ntegrals
Copy link
Owner

ntegrals commented Aug 26, 2024
edited
Loading

@kfern @Pascaltib Reopened 🙏 I'll close it when it's fixed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kfern @ntegrals @Pascaltib