Spaces:
Sleeping
Sleeping
File size: 6,850 Bytes
c078ea1 | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 | # Security & Privacy - Character Forge
## π API Key Security
### How API Keys Work
Character Forge is designed to be deployed as a **public HuggingFace Space** where each user provides their own Gemini API key.
**β
SECURE: Each user's API key stays in THEIR session only**
- API keys are stored in Streamlit's `session_state`
- Session state is **isolated per browser session**
- Your API key is **NEVER shared** with other users
- Your API key is **NEVER stored** on the server
- Your API key is **NEVER logged** or saved to disk
### Deployment Configuration
**For Public Spaces (Recommended):**
β **DO NOT** add `GEMINI_API_KEY` to HuggingFace Repository Secrets
If you add your API key as a secret, ALL users will use YOUR key and you'll pay for their usage!
Instead:
- Leave Repository Secrets empty
- Each user enters their own API key in the sidebar
- Users get their own free API key from [Google AI Studio](https://aistudio.google.com/app/apikey)
**For Private Spaces (Your Personal Use):**
β
**DO** add `GEMINI_API_KEY` to Repository Secrets
If your Space is set to Private:
- Only you (and people you invite) can access it
- Safe to add your API key as a secret
- Convenient - no need to enter it each time
---
## π Privacy & Data Handling
### What Data is Processed?
When you generate images:
1. **Your input images** are sent to Google's Gemini API
2. **Your text prompts** are sent to Google's Gemini API
3. **Generated images** are returned to your browser
4. **Nothing is stored** on HuggingFace servers (files are temporary)
### Where Does Data Go?
```
Your Browser
β (upload image + prompt)
HuggingFace Space (temporary processing)
β (forward to API)
Google Gemini API (image generation)
β (return generated image)
HuggingFace Space (temporary)
β (download image)
Your Browser (you save it)
```
### Data Retention
**On HuggingFace:**
- Generated images are stored in `/tmp/` (deleted after session ends)
- No permanent storage
- No logs of your generations
**On Google Gemini API:**
- Review [Google's Privacy Policy](https://policies.google.com/privacy)
- Gemini API processes your data per their terms
- Check [Gemini API Terms](https://ai.google.dev/terms)
---
## π‘οΈ Best Practices
### For Users:
1. **Get Your Own API Key**
- Visit [Google AI Studio](https://aistudio.google.com/app/apikey)
- Create a free API key
- Enter it in the Character Forge sidebar
- Keep it private (don't share screenshots with your key visible)
2. **Monitor Your Usage**
- Check your usage at [Google AI Studio](https://aistudio.google.com/)
- Free tier: 15 requests/minute, 1500/day
- Paid tier: ~$0.03 per image
3. **Protect Your Key**
- Never share your API key publicly
- Don't commit it to git repositories
- Use environment variables for local development
### For Space Owners:
1. **Public Space = No Secrets**
- Don't add `GEMINI_API_KEY` to Repository Secrets
- Let users provide their own keys
- Zero cost to you!
2. **Private Space = Secrets OK**
- Add your key as a secret if Space is private
- Only you and invited users can access
- You control who uses your key
3. **Monitor Your Space**
- Check HuggingFace Space logs for errors
- Monitor unusual activity
- Consider adding rate limiting if needed
---
## π Code Audit
The security model is implemented in these files:
### Session State Isolation
- **File**: `character_forge_image/app.py`
- **Lines**: 40-41, 118-119
- **Behavior**: API key stored in `st.session_state.gemini_api_key`
- **Isolation**: Streamlit guarantees session state is per-user
### API Key Retrieval
- **File**: `character_forge_image/config/settings.py`
- **Lines**: 54-61
- **Behavior**: Checks environment variable, falls back to None
- **Safe**: If no env var, users must provide their own
### API Key Usage
- **File**: `character_forge_image/core/gemini_client.py`
- **Lines**: 35-46
- **Behavior**: API key passed to Google's SDK
- **Safe**: Never logged, never stored
---
## β οΈ Common Mistakes to Avoid
### β DON'T: Share Your API Key
```python
# NEVER do this in public code
GEMINI_API_KEY = "AIzaSy..." # β Hard-coded key
```
### β DON'T: Add Secret to Public Space
```yaml
# In HuggingFace Settings β Repository Secrets
# If Space is PUBLIC:
GEMINI_API_KEY: AIzaSy... # β Everyone uses your key!
```
### β
DO: Let Users Provide Keys
```python
# This is what Character Forge does:
st.session_state.gemini_api_key = user_input # β
Per-user key
```
### β
DO: Use Environment Variables Locally
```bash
# For local development:
export GEMINI_API_KEY="your-key-here"
streamlit run app.py
```
---
## π Cost Implications
### Public Space (Users Provide Keys)
- **Your Cost**: $0
- **User Cost**: Their own API usage
- **Benefit**: Scalable, no abuse risk
### Public Space (You Provide Key) β NOT RECOMMENDED
- **Your Cost**: Unlimited! Users can drain your account
- **Risk**: High abuse potential
- **Benefit**: None
### Private Space (You Provide Key)
- **Your Cost**: Only your usage
- **Risk**: Low (only you and invited users)
- **Benefit**: Convenient
---
## π¨ Security Incident Response
If you suspect your API key has been compromised:
1. **Revoke the key immediately**
- Go to [Google AI Studio](https://aistudio.google.com/)
- Delete the compromised key
2. **Create a new key**
- Generate a fresh API key
- Update your local environment
3. **Review usage**
- Check your API usage logs
- Look for unusual activity
4. **Update security**
- Ensure key isn't in git history
- Update `.gitignore` if needed
- Rotate keys regularly
---
## β
Verification
To verify the security model is working:
1. **Open two different browsers** (e.g., Chrome and Firefox)
2. **Visit your Space** in both browsers
3. **Enter different API keys** in each browser
4. **Generate images** in both
5. **Verify**: Each browser uses its own key (check Google API usage)
If both browsers share the same key β **SECURITY ISSUE**
If each browser has its own key β **WORKING CORRECTLY β
**
---
## π Reporting Security Issues
If you find a security vulnerability:
1. **DO NOT** create a public GitHub issue
2. **Email**: gk@ghmk.de
3. **Subject**: "Character Forge Security Issue"
4. **Include**:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
We'll respond within 48 hours.
---
## π License & Compliance
Character Forge is licensed under **GNU AGPL v3.0**
This means:
- β
Free to use
- β
Open source
- β
Modifications must be shared
- β Cannot be integrated into proprietary software
For security audits, the full source code is available at:
https://huggingface.co/spaces/ghmk/character_forge
---
**Last Updated**: 2025-01-12
**Version**: 1.0.0
|