How to hide the openAI api key ?

[AlexDoutsinis]

I see that this library is built to run entirely on the client side. If so, how can we hide the API key? Doesn't this introduce security issues?

[hamish-later]

It looks like you have the option of providing a custom embedding function which could hit a backend server handling all your requests to OpenAI and returning of the embeddings:

vector-storage/src/VectorStorage.ts

Line 22 in d53f06a

this.embedTextsFn = options.embedTextsFn ?? this.embedTexts; // Use the custom function if provided, else use the default one

[ccfontes]

lgtm to have the option, but maybe hitting a backend server to handle requests to OpenAI should be the default with option to override with direct request to OpenAI instead. See: https://platform.openai.com/docs/api-reference/authentication

Remember that your API key is a secret! Do not share it with others or expose it in any client-side code (browsers, apps). Production requests must be routed through your own backend server where your API key can be securely loaded from an environment variable or key management service.