API key security management program
The following protection measures are recommended for all types of sensitive keys contained in configuration files:
- Basic protection:

  1. Modify configuration file permissions: chmod 600 ~/.wukong/config.yml
  2. Disable output of keys in logs (refer to the fix for Issue #317)
  3. Use environment variables instead of explicit configuration (requires modification of the wukong.py source code)

- Advanced key management:

  1. Create least-privilege API keys for different services
  2. Rotate keys periodically (particularly for billed APIs such as OpenAI)
  3. Use a key management service such as Vault (additional deployment required)

- Development specification:

  Use git check-ignore to verify that the configuration file has been added to .gitignore. For team development, share the configuration structure through the config.yml.example template.
Special note: Baidu, Xunfei and other platforms support IP whitelisting; Raspberry Pi deployments should be configured with DDNS + fixed IP for enhanced protection. For open source project contributions, be sure to scan the code to see if it accidentally contains keys.
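The three basic protection steps can be combined in one loading routine. The following is an added example, not code from wukong-robot: the WUKONG_ variable prefix, the secret field names and the sample configuration are assumptions, and parsing of config.yml itself is left out so the block needs only the standard library.

```python
import os
import stat

# Hypothetical secret field names; adjust to the keys in your own config.yml.
SECRET_FIELDS = {"api_key", "secret_key", "token"}

def permissions_ok(path):
    """True only if group and others have no access (what chmod 600 gives)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0

def overlay_env(config, environ, prefix="WUKONG"):
    """Copy config, replacing leaf values with PREFIX_SECTION_KEY env vars."""
    merged = {}
    for key, value in config.items():
        name = f"{prefix}_{key}".upper()
        if isinstance(value, dict):
            merged[key] = overlay_env(value, environ, name)
        else:
            merged[key] = environ.get(name, value)
    return merged

def redact(config):
    """Copy config with secret leaves masked, safe to pass to a logger."""
    safe = {}
    for key, value in config.items():
        if isinstance(value, dict):
            safe[key] = redact(value)
        elif key.lower() in SECRET_FIELDS and value:
            safe[key] = "***REDACTED***"
        else:
            safe[key] = value
    return safe

if __name__ == "__main__":
    path = os.path.expanduser("~/.wukong/config.yml")
    if os.path.exists(path) and not permissions_ok(path):
        raise SystemExit(f"{path} is readable by other users; run chmod 600")
    # Constructed sample: the file keeps only the structure, no secret value.
    parsed = {"openai": {"api_key": "", "model": "example-model"}}
    config = overlay_env(parsed, os.environ)
    print(redact(config))
```

With this layout the committed file can stay identical to config.yml.example, and the real key exists only in the process environment.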
This answer comes from the article "wukong-robot: a smart speaker project to create personalized Chinese voice conversations".