Spaces:
Sleeping
Sleeping
| # Security & Privacy - Character Forge | |
| ## π API Key Security | |
| ### How API Keys Work | |
| Character Forge is designed to be deployed as a **public HuggingFace Space** where each user provides their own Gemini API key. | |
| **β SECURE: Each user's API key stays in THEIR session only** | |
| - API keys are stored in Streamlit's `session_state` | |
| - Session state is **isolated per browser session** | |
| - Your API key is **NEVER shared** with other users | |
| - Your API key is **NEVER stored** on the server | |
| - Your API key is **NEVER logged** or saved to disk | |
| ### Deployment Configuration | |
| **For Public Spaces (Recommended):** | |
| β **DO NOT** add `GEMINI_API_KEY` to HuggingFace Repository Secrets | |
| If you add your API key as a secret, ALL users will use YOUR key and you'll pay for their usage! | |
| Instead: | |
| - Leave Repository Secrets empty | |
| - Each user enters their own API key in the sidebar | |
| - Users get their own free API key from [Google AI Studio](https://aistudio.google.com/app/apikey) | |
| **For Private Spaces (Your Personal Use):** | |
| β **DO** add `GEMINI_API_KEY` to Repository Secrets | |
| If your Space is set to Private: | |
| - Only you (and people you invite) can access it | |
| - Safe to add your API key as a secret | |
| - Convenient - no need to enter it each time | |
| --- | |
| ## π Privacy & Data Handling | |
| ### What Data is Processed? | |
| When you generate images: | |
| 1. **Your input images** are sent to Google's Gemini API | |
| 2. **Your text prompts** are sent to Google's Gemini API | |
| 3. **Generated images** are returned to your browser | |
| 4. **Nothing is stored** on HuggingFace servers (files are temporary) | |
| ### Where Does Data Go? | |
| ``` | |
| Your Browser | |
| β (upload image + prompt) | |
| HuggingFace Space (temporary processing) | |
| β (forward to API) | |
| Google Gemini API (image generation) | |
| β (return generated image) | |
| HuggingFace Space (temporary) | |
| β (download image) | |
| Your Browser (you save it) | |
| ``` | |
| ### Data Retention | |
| **On HuggingFace:** | |
| - Generated images are stored in `/tmp/` (deleted after session ends) | |
| - No permanent storage | |
| - No logs of your generations | |
| **On Google Gemini API:** | |
| - Review [Google's Privacy Policy](https://policies.google.com/privacy) | |
| - Gemini API processes your data per their terms | |
| - Check [Gemini API Terms](https://ai.google.dev/terms) | |
| --- | |
| ## π‘οΈ Best Practices | |
| ### For Users: | |
| 1. **Get Your Own API Key** | |
| - Visit [Google AI Studio](https://aistudio.google.com/app/apikey) | |
| - Create a free API key | |
| - Enter it in the Character Forge sidebar | |
| - Keep it private (don't share screenshots with your key visible) | |
| 2. **Monitor Your Usage** | |
| - Check your usage at [Google AI Studio](https://aistudio.google.com/) | |
| - Free tier: 15 requests/minute, 1500/day | |
| - Paid tier: ~$0.03 per image | |
| 3. **Protect Your Key** | |
| - Never share your API key publicly | |
| - Don't commit it to git repositories | |
| - Use environment variables for local development | |
| ### For Space Owners: | |
| 1. **Public Space = No Secrets** | |
| - Don't add `GEMINI_API_KEY` to Repository Secrets | |
| - Let users provide their own keys | |
| - Zero cost to you! | |
| 2. **Private Space = Secrets OK** | |
| - Add your key as a secret if Space is private | |
| - Only you and invited users can access | |
| - You control who uses your key | |
| 3. **Monitor Your Space** | |
| - Check HuggingFace Space logs for errors | |
| - Monitor unusual activity | |
| - Consider adding rate limiting if needed | |
| --- | |
| ## π Code Audit | |
| The security model is implemented in these files: | |
| ### Session State Isolation | |
| - **File**: `character_forge_image/app.py` | |
| - **Lines**: 40-41, 118-119 | |
| - **Behavior**: API key stored in `st.session_state.gemini_api_key` | |
| - **Isolation**: Streamlit guarantees session state is per-user | |
| ### API Key Retrieval | |
| - **File**: `character_forge_image/config/settings.py` | |
| - **Lines**: 54-61 | |
| - **Behavior**: Checks environment variable, falls back to None | |
| - **Safe**: If no env var, users must provide their own | |
| ### API Key Usage | |
| - **File**: `character_forge_image/core/gemini_client.py` | |
| - **Lines**: 35-46 | |
| - **Behavior**: API key passed to Google's SDK | |
| - **Safe**: Never logged, never stored | |
| --- | |
| ## β οΈ Common Mistakes to Avoid | |
| ### β DON'T: Share Your API Key | |
| ```python | |
| # NEVER do this in public code | |
| GEMINI_API_KEY = "AIzaSy..." # β Hard-coded key | |
| ``` | |
| ### β DON'T: Add Secret to Public Space | |
| ```yaml | |
| # In HuggingFace Settings β Repository Secrets | |
| # If Space is PUBLIC: | |
| GEMINI_API_KEY: AIzaSy... # β Everyone uses your key! | |
| ``` | |
| ### β DO: Let Users Provide Keys | |
| ```python | |
| # This is what Character Forge does: | |
| st.session_state.gemini_api_key = user_input # β Per-user key | |
| ``` | |
| ### β DO: Use Environment Variables Locally | |
| ```bash | |
| # For local development: | |
| export GEMINI_API_KEY="your-key-here" | |
| streamlit run app.py | |
| ``` | |
| --- | |
| ## π Cost Implications | |
| ### Public Space (Users Provide Keys) | |
| - **Your Cost**: $0 | |
| - **User Cost**: Their own API usage | |
| - **Benefit**: Scalable, no abuse risk | |
| ### Public Space (You Provide Key) β NOT RECOMMENDED | |
| - **Your Cost**: Unlimited! Users can drain your account | |
| - **Risk**: High abuse potential | |
| - **Benefit**: None | |
| ### Private Space (You Provide Key) | |
| - **Your Cost**: Only your usage | |
| - **Risk**: Low (only you and invited users) | |
| - **Benefit**: Convenient | |
| --- | |
| ## π¨ Security Incident Response | |
| If you suspect your API key has been compromised: | |
| 1. **Revoke the key immediately** | |
| - Go to [Google AI Studio](https://aistudio.google.com/) | |
| - Delete the compromised key | |
| 2. **Create a new key** | |
| - Generate a fresh API key | |
| - Update your local environment | |
| 3. **Review usage** | |
| - Check your API usage logs | |
| - Look for unusual activity | |
| 4. **Update security** | |
| - Ensure key isn't in git history | |
| - Update `.gitignore` if needed | |
| - Rotate keys regularly | |
| --- | |
| ## β Verification | |
| To verify the security model is working: | |
| 1. **Open two different browsers** (e.g., Chrome and Firefox) | |
| 2. **Visit your Space** in both browsers | |
| 3. **Enter different API keys** in each browser | |
| 4. **Generate images** in both | |
| 5. **Verify**: Each browser uses its own key (check Google API usage) | |
| If both browsers share the same key β **SECURITY ISSUE** | |
| If each browser has its own key β **WORKING CORRECTLY β ** | |
| --- | |
| ## π Reporting Security Issues | |
| If you find a security vulnerability: | |
| 1. **DO NOT** create a public GitHub issue | |
| 2. **Email**: gk@ghmk.de | |
| 3. **Subject**: "Character Forge Security Issue" | |
| 4. **Include**: | |
| - Description of the vulnerability | |
| - Steps to reproduce | |
| - Potential impact | |
| We'll respond within 48 hours. | |
| --- | |
| ## π License & Compliance | |
| Character Forge is licensed under **GNU AGPL v3.0** | |
| This means: | |
| - β Free to use | |
| - β Open source | |
| - β Modifications must be shared | |
| - β Cannot be integrated into proprietary software | |
| For security audits, the full source code is available at: | |
| https://huggingface.co/spaces/ghmk/character_forge | |
| --- | |
| **Last Updated**: 2025-01-12 | |
| **Version**: 1.0.0 | |