by oriettaxx 1175 days ago
It's pretty bad to ask people to enter a private secret key in a web site (any, I mean)
4 comments

They provided an option to build it locally and run it yourself. But yeah, I wish there were a common proxy protocol that would allow websites to access private resources without exposing private keys.
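The closest thing to the "proxy protocol" this comment asks for is a small backend-for-frontend: the page talks only to your own service, which holds the key in an environment variable, forwards a single allowlisted call, and never lets the key reach the browser. The block below is an added example for this thread, not code from the project being discussed or from OpenAI; the upstream URL, the endpoint and model allowlists, the `Request` shape and the `send` callable are all assumptions made so it runs offline.

```python
"""Key-holding proxy: the browser calls this service, never the upstream API,
so the secret key is neither typed into nor visible from the web page.
Added illustration; UPSTREAM, the allowlists and the request shape are assumed."""
import json
import os
from dataclasses import dataclass
from typing import Callable, Tuple

UPSTREAM = "https://api.openai.com"                     # assumed upstream base URL
ALLOWED_ENDPOINTS = {("POST", "/v1/chat/completions")}  # the one call the app needs
ALLOWED_MODELS = {"gpt-3.5-turbo"}                      # assumed; bounds the bill
MAX_BODY_BYTES = 16 * 1024                              # refuse oversized prompts


@dataclass
class Request:
    method: str
    path: str
    headers: dict
    body: bytes


class ProxyError(Exception):
    def __init__(self, status: int, message: str):
        super().__init__(message)
        self.status = status
        self.message = message


def build_upstream_request(client_req: Request, api_key: str) -> Request:
    """Validate a browser request and rebuild it with the server-held key."""
    if (client_req.method, client_req.path) not in ALLOWED_ENDPOINTS:
        raise ProxyError(403, "endpoint not allowed")
    if len(client_req.body) > MAX_BODY_BYTES:
        raise ProxyError(413, "request body too large")
    try:
        payload = json.loads(client_req.body)
    except ValueError:
        raise ProxyError(400, "body must be JSON")
    if not isinstance(payload, dict) or payload.get("model") not in ALLOWED_MODELS:
        raise ProxyError(400, "model not allowed")
    # Headers are built from scratch: a forged Authorization header, cookies or
    # anything else the browser sends is dropped, and only the server's key goes out.
    headers = {
        "Authorization": f"Bearer {api_key}",
        "Content-Type": "application/json",
    }
    return Request(client_req.method, UPSTREAM + client_req.path,
                   headers, json.dumps(payload).encode())


def handle(client_req: Request, send: Callable[[Request], Tuple[int, bytes]],
           api_key: str) -> Tuple[int, bytes]:
    """Proxy one request. `send` performs the real HTTP call (injected here so
    the example runs offline); the key is redacted from whatever comes back."""
    if not api_key:
        return 500, b'{"error":"proxy has no API key configured"}'
    try:
        upstream_req = build_upstream_request(client_req, api_key)
    except ProxyError as err:
        return err.status, json.dumps({"error": err.message}).encode()
    status, body = send(upstream_req)
    # An upstream error that echoes the key must not reach the browser.
    return status, body.replace(api_key.encode(), b"[redacted]")


def demo() -> Tuple[int, bytes]:
    """Stand-alone run against a fake upstream with a constructed browser request."""
    key = os.environ.get("OPENAI_API_KEY") or "sk-example-not-a-real-key"

    def fake_send(req: Request) -> Tuple[int, bytes]:
        # Stands in for the real HTTPS call; checks the key was attached server-side.
        assert req.headers["Authorization"] == f"Bearer {key}"
        return 200, b'{"choices":[{"message":{"content":"hello"}}]}'

    browser_req = Request(
        "POST", "/v1/chat/completions", {"Origin": "http://localhost:3000"},
        json.dumps({"model": "gpt-3.5-turbo",
                    "messages": [{"role": "user", "content": "hi"}]}).encode())
    return handle(browser_req, fake_send, key)


if __name__ == "__main__":
    print(demo())
```

Wire `handle` behind whatever HTTP framework the app already uses and add per-client rate limiting before exposing it publicly; the allowlist is what keeps a leaked proxy URL from turning into a free general-purpose key.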
OpenAI should implement an OAuth authorization server and allow developers to use "Login with OpenAI account" in their apps.
I agree, this is the best solution. I'm sick of countless projects with key input fields where I have to Ctrl-C/Ctrl-V every time.
Not to mention the ludicrously gaping security issue that this is. My guess is they want to push people to the plugins though.
Maybe a small video demo would be an ok alternative?
What alternative would you suggest for a free service that depends on OpenAI APIs? It's easy enough to generate an API key for this service and delete it afterwards.
Why? OpenAI keys can be revoked at any time, and OpenAI allows you to set soft and hard limits for billing as well.

You can also generate multiple keys, so if one app misbehaves, you don't need to rotate all the keys, just the one that misbehaves.

This is assuming the API keys can only do generation. If they can access billing details or something, it's very different of course.

> Why?

Because it's bad practice to provide sensitive information to untrusted sources, and if you are an ethical developer, it's an anti-pattern to write software that encourages bad practices.

Your credit card company will reverse any authorized charges. Will you email me all your credit card info?

If I could generate a credit card number just to send you money then yeah sure.
> It's pretty bad to ask people to enter a private secret key in a web site (any, I mean)

I answer back to myself: I misunderstood, since the developer's idea is to run it locally at http://localhost:3000, while I got scared by the DEMO.

Congrats to the developer!