Aider-AI
open api key saved in log file when run in verbose mode
Seems like it would be easy for someone (particularly new to coding) to forget to add the log file to a .gitignore and inadvertently publish their key. Maybe the logger should scrub the keys before saving?
I think in general, searching for secrets could be a post-processing step. There are many places this can happen, for example aider has updated my README.md using real keys as examples, not only the open ai key, but other API keys as well.
Yes, I bet there is plenty of "funny’s " stuff happening with api keys getting used by someone other than the subscriber...IJS
Thanks for trying aider and reporting this issue. It's a good suggestion.
I pasted the issue into aider and it fixed itself (7c3bbce).
I'm going to close this issue for now, but feel free to re-open or file a new issue any time.