OpenAI API Key Leaked

SomebodySysop · February 14, 2025, 9:17pm

Description

Server Setup Information

Weaviate Server Version:
Deployment Method:
Multi Node? Number of Running Nodes:
Client Language and Version:
Multitenancy?:

Any additional Information

I just got a note that my OpenAI API key was leaked. As I use OpenAI for embedding as well as text-2vec, where do I go to enter the new key in Weaviate. Thanks!

DudaNogueira · February 14, 2025, 9:31pm

hi @SomebodySysop !!

There are two places that you can pass your API Keys to Weaviate.

At the client instantiation, as header:

# Recommended: save sensitive data as environment variables
openai_key = os.getenv("OPENAI_APIKEY")
headers = {
    "X-OpenAI-Api-Key": openai_key,
}

or at the server level, providing the environment variable OPENAI_APIKEY

Let me know if that helps!

Thanks!

SomebodySysop · February 14, 2025, 9:46pm

So the openai key is not stored anywhere in weaviate, but always sent dynamically with every query/embed request?

DudaNogueira · February 16, 2025, 11:08am

That’s correct. It is not stored in Weaviate itself.

Topic		Replies	Views
Weaviate python client setup with Azure OpenAI keys Support integration	5	1599	May 20, 2024
Specify OPENAI API KEY as envsecret Support	1	23	October 10, 2024
"Incorrect API key provided" Error when working with Azure OpenAI Support	6	2547	April 16, 2024
Weaviate console seems to ignore OpenAI ApiKey Support	3	173	April 29, 2024
Start weaviate embeded with openai token and persistent storage General	3	76	November 4, 2024

OpenAI API Key Leaked

Description

Server Setup Information

Any additional Information

Related topics