Y
Hacker News
new
|
ask
|
show
|
jobs
by
tadfisher
302 days ago
But do you still store your GH API private key in environment variables?
1 comments
curuinor
302 days ago
hey, this is Howon from CodeRabbit. We use a cloud-provider-provided key vault for application secrets, including GH private key.
link
musicnarcoman
302 days ago
So the CodeRabbit application with access to application secrets still runs in the same virtual machine as untrusted code from the outside?
link
megamorf
302 days ago
Howon, you can stop posting that canned response. It's not helping the discussion in any way and matches the lack of detail the other commenters have pointed out.
link