##### ###### ##### ### # # ### # # ###### ## ## ## ## ## ## ## # # # # # ## ##### #### ##### # # # # # # # #### ## # ## ## ## ## # # # # # ## ## # ###### ## ### # ### # ######
##### ###### ##### ### # # ### # # ###### ## ## ## ## ## ## ## # # # # # ## ##### #### ##### # # # # # # # #### ## # ## ## ## ## # # # # # ## ## # ###### ## ### # ### # ######
The hardcoded API key problem
AI frequently hardcodes secrets directly in code:
api_key = "sk-live-abc123..."
This ends up in your git history forever. Even if you delete it, it's in old commits. Use environment variables:
api_key = os.environ.get("API_KEY")
Before committing any AI-generated code, search for patterns like "sk-", "api_key =", "password =", and "secret".
