Remove hardcoded Giphy API key from config.py #19

Closed
opened 2026-02-20 06:48:57 +00:00 by cal · 2 comments
Owner

Description

`config.py:100` — The Giphy API key is hardcoded as the default value for `giphy_api_key`. While it can be overridden by an environment variable, any deployment that does not set `GIPHY_API_KEY` will silently use this key, and the key itself is committed to version control. The correct pattern is to set `giphy_api_key: Optional[str] = None` and fail gracefully when absent.

File Locations

  • config.py:100

Labels

security

Priority

high

Author
Owner

Addressed in commit f4be20a on next-release branch. Will be closed when merged to main.

Author
Owner

Addressed in commit f4be20a on next-release branch. Will be closed when merged to main.

cal closed this issue 2026-02-20 20:29:06 +00:00
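
The pattern the issue description asks for, as an added example that is not the project's code or the content of commit f4be20a: a settings object with no default secret, a caller that degrades when the key is absent, and a small AST check that flags string-literal defaults on secret-like fields. It assumes plain dataclass settings rather than whatever `config.py` actually uses; `load_settings`, `giphy_request_params` and `hardcoded_secret_defaults` are hypothetical names, and the sample key is a constructed placeholder.

```python
import ast
import os
from dataclasses import dataclass
from typing import Mapping, Optional

@dataclass(frozen=True)
class Settings:
    # No default secret: absent means "feature disabled", never a shared fallback key.
    giphy_api_key: Optional[str] = None

def load_settings(env: Mapping[str, str] = os.environ) -> Settings:
    # Empty or whitespace-only values are treated as unset.
    return Settings(giphy_api_key=(env.get("GIPHY_API_KEY") or "").strip() or None)

def giphy_request_params(settings: Settings, query: str) -> Optional[dict]:
    """Return request parameters, or None so the caller can skip the GIF lookup."""
    if settings.giphy_api_key is None:
        return None
    return {"api_key": settings.giphy_api_key, "q": query}

SECRET_HINTS = ("key", "token", "secret", "password")

def hardcoded_secret_defaults(source: str) -> list:
    """Return (line, field) pairs for annotated fields with a secret-like
    name whose default is a non-empty string literal."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.AnnAssign) and isinstance(node.target, ast.Name)
                and isinstance(node.value, ast.Constant)
                and isinstance(node.value.value, str) and node.value.value
                and any(h in node.target.id.lower() for h in SECRET_HINTS)):
            hits.append((node.lineno, node.target.id))
    return sorted(hits)

# Constructed samples; the key value is a placeholder, not the one from the repository.
BEFORE = 'class Config:\n    giphy_api_key: str = "PLACEHOLDER_NOT_A_REAL_KEY"\n'
AFTER = 'from typing import Optional\nclass Config:\n    giphy_api_key: Optional[str] = None\n'

if __name__ == "__main__":
    print(hardcoded_secret_defaults(BEFORE))   # flags the literal default
    print(hardcoded_secret_defaults(AFTER))    # nothing to flag
    print(giphy_request_params(load_settings({}), "cats"))  # no key: feature skipped
```

The check only sees literals in the current tree; a key that was already committed stays in version-control history and has to be revoked at the provider.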

Reference: cal/major-domo-v2#19