I’m curious about the OpenAI keys in the Streamlit apps on Share App. Are the services on Share App intended for actual usage, or is the purpose to fork and use them locally?
When entering an OpenAI key, it seems like the key information would be sent to the server. I’m curious if there are any security concerns with this. If there are no issues, I’d like to develop something similar and share it as well!
I’m leaving this question because it’s hard to confirm.
That’s a great question, apps that can be forked would allow you to either replicate the app or use it as the starting point for adding further features to it. As for the OpenAI API key, you can securely store them in the Secrets management on the Community Cloud platform as well as locally or for self-deployment. Such keys can then be used in-app by using the st.secrets method.
For further information on Secrets management in Streamlit please refer to the following Docs page:
Thank you for the kind explanation. However, what I was curious about is different. It’s not about my OpenAI key, but when sharing an app on Streamlit App Share, like the attached image, I want to confirm if there are any security concerns in passing the OpenAI key to the user and using it! @dataprofessor
Indeed, if this is not your own streamlit app, you must trust the developer of this third-party streamlit app not to store or misuse the credentials you have voluntarily entered there.
There is always a risk when using your API key in any code. Unless you have access to the code of the app and can explicitly see that the API key is not misusing the key then you can proceed with care.
I wrote a blog on how you can securely use API keys (see link below) in Streamlit apps:
Thanks for stopping by! We use cookies to help us understand how you interact with our website.
By clicking “Accept all”, you consent to our use of cookies. For more information, please see our privacy policy.
Cookie settings
Strictly necessary cookies
These cookies are necessary for the website to function and cannot be switched off. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms.
Performance cookies
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us understand how visitors move around the site and which pages are most frequently visited.
Functional cookies
These cookies are used to record your choices and settings, maintain your preferences over time and recognize you when you return to our website. These cookies help us to personalize our content for you and remember your preferences.
Targeting cookies
These cookies may be deployed to our site by our advertising partners to build a profile of your interest and provide you with content that is relevant to you, including showing you relevant ads on other websites.