←back to thread

Gemini CLI

(blog.google)
1339 points sync | 5 comments | 25 Jun 25 13:10 UTC | HN request time: 0.77s | source
1. iaresee ◴[25 Jun 25 14:30 UTC] No.44377777[source]
Whoa. Who at Google thought providing this as an example of how to test your API key was a good idea?

https://imgur.com/ZIZkLU7

This is shown at the top of the screen in https://aistudio.google.com/apikey as the suggested quick start for testing your API key out.

Not a great look. I let our GCloud TAM know. But still.

replies(3): >>44378416 #>>44379072 #>>44379108 #
2. ◴[25 Jun 25 15:27 UTC] No.44378416[source]
3. asadm ◴[25 Jun 25 16:24 UTC] No.44379072[source]
What's wrong here?
replies(1): >>44379866 #
4. nickysielicki ◴[25 Jun 25 16:28 UTC] No.44379108[source]
it's wrapped in TLS, is ok.
5. iaresee ◴[25 Jun 25 17:36 UTC] No.44379866[source]
Don't put your API keys as parameters in your URL. Great way to have them land in server logs, your shell history, etc. You're trusting no one with decryption capabilities is doing logging and inspection correctly, which you shouldn't.