security-ai-keys
<overview>
Security audit patterns for AI API key leakage in applications integrating AI providers.
</overview>
<rules>
Core Principles
- MUST treat AI API keys as secrets and keep them server-side.
- MUST NOT ship keys to browsers or mobile clients.
- SHOULD avoid logging keys; redact before logging or error reporting.
- MUST rotate keys immediately if exposure is suspected.
Common Leak Paths
1) Client-Side Exposure
- `NEXT_PUBLIC_*` / `VITE_*` env vars containing AI keys
- Direct calls to AI provider endpoints from browser code
2) Build Artifacts
- Keys embedded in bundles (`dist/`, `build/`, `.next/`)
- Source maps exposing server code containing keys
3) Logs and Telemetry
- `console.log` / logger statements that include key values
- Error tracking payloads (Sentry, Datadog) with headers included
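A first-pass check for the leak paths above, as an added example that is not the page's own `scripts/scan.sh`: it applies the same heuristic key shapes the audit commands grep for to bundle and log text, redacts matches before a line reaches a logger or error tracker, and flags `NEXT_PUBLIC_`/`VITE_` variables that a bundler would ship to the browser. The key strings and file snippets are constructed fakes.

```python
import re

# Heuristic AI key shapes (the same ones the build-output scan greps for);
# constructed for this example, not a complete list of provider formats.
KEY_PATTERNS = {
    "anthropic": re.compile(r"sk-ant-[A-Za-z0-9-]{20,}"),
    "openrouter": re.compile(r"sk-or-[A-Za-z0-9-]{20,}"),
    "openai": re.compile(r"sk-[A-Za-z0-9]{20,}"),
    "google": re.compile(r"AIza[0-9A-Za-z_-]{35}"),
    "huggingface": re.compile(r"hf_[A-Za-z0-9]{20,}"),
}
# Client-exposed env prefixes (leak path 1): a var under these prefixes whose
# name mentions an AI provider is inlined into the browser bundle.
CLIENT_PREFIX = re.compile(r"^(NEXT_PUBLIC_|VITE_)\w*(OPENAI|OPENROUTER|ANTHROPIC|GEMINI|GOOGLE|AZURE|MISTRAL|COHERE|GROQ|HF_)")

# Constructed samples with fake keys: a bundled chunk, a log line, a .env file.
SAMPLE_BUNDLE = 'const k="sk-abcdefghijklmnopqrstuvwxyz123456";fetch("https://api.openai.com/v1/chat")'
SAMPLE_LOG = 'headers: {"x-api-key": "sk-ant-api03-ABCDEFGHIJKLMNOPQRSTUVWXYZ0123"}'
SAMPLE_ENV = "NEXT_PUBLIC_OPENAI_API_KEY=sk-test\nOPENAI_API_KEY=sk-test\nVITE_APP_NAME=demo\n"

def find_key_candidates(text):
    """Return (provider, line_no, match) for every likely key in text."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for provider, pattern in KEY_PATTERNS.items():
            for m in pattern.finditer(line):
                hits.append((provider, line_no, m.group(0)))
    return hits

def redact(text):
    """Replace likely keys so the text is safe to log or send to Sentry/Datadog."""
    for provider, pattern in KEY_PATTERNS.items():
        text = pattern.sub(f"<{provider}-key-redacted>", text)
    return text

def client_exposed_vars(env_text):
    """Names of NEXT_PUBLIC_/VITE_ vars in a .env file that look like AI keys."""
    names = []
    for line in env_text.splitlines():
        name, sep, _ = line.partition("=")
        if sep and CLIENT_PREFIX.match(name.strip()):
            names.append(name.strip())
    return names

if __name__ == "__main__":
    for hit in find_key_candidates(SAMPLE_BUNDLE + "\n" + SAMPLE_LOG):
        print("likely %s key on line %d" % (hit[0], hit[1]))  # never print hit[2]
    print(redact(SAMPLE_LOG))
    print(client_exposed_vars(SAMPLE_ENV))
```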
</rules>
<commands>
Quick Audit Commands
```bash
# Env files: AI keys accidentally exposed to client
rg -n "(NEXT_PUBLIC_|VITE_).*(OPENAI|OPENROUTER|ANTHROPIC|GEMINI|GOOGLE|VERTEX|BEDROCK|AWS|AZURE|MISTRAL|COHERE|GROQ|PERPLEXITY|TOGETHER|REPLICATE|FIREWORKS|HUGGINGFACE|HF_)" . -g ".env*"

# Client code calling AI APIs directly (check for browser use)
rg -n "api.openai.com|openrouter.ai|api.anthropic.com|generativelanguage.googleapis.com|aiplatform.googleapis.com|bedrock.amazonaws.com|api.mistral.ai|api.cohere.ai|api.groq.com|api.together.xyz|api.perplexity.ai|api.replicate.com|api.fireworks.ai|openai.azure.com" . -g "*.js" -g "*.ts" -g "*.jsx" -g "*.tsx" -g "*.vue"

# Scan build outputs for likely keys (heuristic)
rg -a "sk-[A-Za-z0-9]{20,}|sk-ant-[A-Za-z0-9-]{20,}|sk-or-[A-Za-z0-9-]{20,}|AIza[0-9A-Za-z_-]{35}|hf_[A-Za-z0-9]{20,}" dist/ build/ .next/ 2>/dev/null

# Service account credentials and cloud auth files
# (single-quoted so the double quotes in the JSON pattern reach rg intact)
rg -n '"type"\s*:\s*"service_account"|GOOGLE_APPLICATION_CREDENTIALS|AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY|AZURE_OPENAI_API_KEY' . -g ".env*" -g "*.json"
```
</commands>
<checklist>
Hardening Checklist
- AI provider keys only in server runtime (never in browser)
- `.env.local` and `.env.*.local` are gitignored
- Logs redact or omit secrets (request headers, env values)
- Build artifacts scanned before deploy
- Keys rotated if exposure suspected
Scripts
- `scripts/scan.sh` - First-pass AI key leakage scan
</checklist>