Spaces:
Sleeping
Security & Privacy - Character Forge
π API Key Security
How API Keys Work
Character Forge is designed to be deployed as a public HuggingFace Space where each user provides their own Gemini API key.
β SECURE: Each user's API key stays in THEIR session only
- API keys are stored in Streamlit's
session_state - Session state is isolated per browser session
- Your API key is NEVER shared with other users
- Your API key is NEVER stored on the server
- Your API key is NEVER logged or saved to disk
Deployment Configuration
For Public Spaces (Recommended):
β DO NOT add GEMINI_API_KEY to HuggingFace Repository Secrets
If you add your API key as a secret, ALL users will use YOUR key and you'll pay for their usage!
Instead:
- Leave Repository Secrets empty
- Each user enters their own API key in the sidebar
- Users get their own free API key from Google AI Studio
For Private Spaces (Your Personal Use):
β
DO add GEMINI_API_KEY to Repository Secrets
If your Space is set to Private:
- Only you (and people you invite) can access it
- Safe to add your API key as a secret
- Convenient - no need to enter it each time
π Privacy & Data Handling
What Data is Processed?
When you generate images:
- Your input images are sent to Google's Gemini API
- Your text prompts are sent to Google's Gemini API
- Generated images are returned to your browser
- Nothing is stored on HuggingFace servers (files are temporary)
Where Does Data Go?
Your Browser
β (upload image + prompt)
HuggingFace Space (temporary processing)
β (forward to API)
Google Gemini API (image generation)
β (return generated image)
HuggingFace Space (temporary)
β (download image)
Your Browser (you save it)
Data Retention
On HuggingFace:
- Generated images are stored in
/tmp/(deleted after session ends) - No permanent storage
- No logs of your generations
On Google Gemini API:
- Review Google's Privacy Policy
- Gemini API processes your data per their terms
- Check Gemini API Terms
π‘οΈ Best Practices
For Users:
Get Your Own API Key
- Visit Google AI Studio
- Create a free API key
- Enter it in the Character Forge sidebar
- Keep it private (don't share screenshots with your key visible)
Monitor Your Usage
- Check your usage at Google AI Studio
- Free tier: 15 requests/minute, 1500/day
- Paid tier: ~$0.03 per image
Protect Your Key
- Never share your API key publicly
- Don't commit it to git repositories
- Use environment variables for local development
For Space Owners:
Public Space = No Secrets
- Don't add
GEMINI_API_KEYto Repository Secrets - Let users provide their own keys
- Zero cost to you!
- Don't add
Private Space = Secrets OK
- Add your key as a secret if Space is private
- Only you and invited users can access
- You control who uses your key
Monitor Your Space
- Check HuggingFace Space logs for errors
- Monitor unusual activity
- Consider adding rate limiting if needed
π Code Audit
The security model is implemented in these files:
Session State Isolation
- File:
character_forge_image/app.py - Lines: 40-41, 118-119
- Behavior: API key stored in
st.session_state.gemini_api_key - Isolation: Streamlit guarantees session state is per-user
API Key Retrieval
- File:
character_forge_image/config/settings.py - Lines: 54-61
- Behavior: Checks environment variable, falls back to None
- Safe: If no env var, users must provide their own
API Key Usage
- File:
character_forge_image/core/gemini_client.py - Lines: 35-46
- Behavior: API key passed to Google's SDK
- Safe: Never logged, never stored
β οΈ Common Mistakes to Avoid
β DON'T: Share Your API Key
# NEVER do this in public code
GEMINI_API_KEY = "AIzaSy..." # β Hard-coded key
β DON'T: Add Secret to Public Space
# In HuggingFace Settings β Repository Secrets
# If Space is PUBLIC:
GEMINI_API_KEY: AIzaSy... # β Everyone uses your key!
β DO: Let Users Provide Keys
# This is what Character Forge does:
st.session_state.gemini_api_key = user_input # β
Per-user key
β DO: Use Environment Variables Locally
# For local development:
export GEMINI_API_KEY="your-key-here"
streamlit run app.py
π Cost Implications
Public Space (Users Provide Keys)
- Your Cost: $0
- User Cost: Their own API usage
- Benefit: Scalable, no abuse risk
Public Space (You Provide Key) β NOT RECOMMENDED
- Your Cost: Unlimited! Users can drain your account
- Risk: High abuse potential
- Benefit: None
Private Space (You Provide Key)
- Your Cost: Only your usage
- Risk: Low (only you and invited users)
- Benefit: Convenient
π¨ Security Incident Response
If you suspect your API key has been compromised:
Revoke the key immediately
- Go to Google AI Studio
- Delete the compromised key
Create a new key
- Generate a fresh API key
- Update your local environment
Review usage
- Check your API usage logs
- Look for unusual activity
Update security
- Ensure key isn't in git history
- Update
.gitignoreif needed - Rotate keys regularly
β Verification
To verify the security model is working:
- Open two different browsers (e.g., Chrome and Firefox)
- Visit your Space in both browsers
- Enter different API keys in each browser
- Generate images in both
- Verify: Each browser uses its own key (check Google API usage)
If both browsers share the same key β SECURITY ISSUE If each browser has its own key β WORKING CORRECTLY β
π Reporting Security Issues
If you find a security vulnerability:
- DO NOT create a public GitHub issue
- Email: gk@ghmk.de
- Subject: "Character Forge Security Issue"
- Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
We'll respond within 48 hours.
π License & Compliance
Character Forge is licensed under GNU AGPL v3.0
This means:
- β Free to use
- β Open source
- β Modifications must be shared
- β Cannot be integrated into proprietary software
For security audits, the full source code is available at: https://huggingface.co/spaces/ghmk/character_forge
Last Updated: 2025-01-12 Version: 1.0.0