Spaces:
Running
Running
A newer version of the Gradio SDK is available:
5.46.1
π Security Update: API Keys Setup
β What's Changed
I've updated your GitHub Actions workflows to follow security best practices:
- β Removed API keys from GitHub Actions - No more OPENAI_API_KEY or ANTHROPIC_API_KEY in GitHub secrets
- β Kept only Hugging Face variables - HF_TOKEN, HF_USERNAME, HF_SPACE_NAME remain in GitHub
- β Updated all documentation - Setup scripts and guides now reflect this change
π§ Your Current GitHub Secrets (Keep These)
| Secret Name | Purpose |
|---|---|
HF_TOKEN |
Hugging Face write token for deployment |
HF_USERNAME |
Your Hugging Face username |
HF_SPACE_NAME |
Your space name |
π― Next Steps
1. Remove API Keys from GitHub (if you added them)
If you previously added these to GitHub, you can remove them:
- Go to your repo β Settings β Secrets and variables β Actions
- Delete:
OPENAI_API_KEYandANTHROPIC_API_KEY(if they exist)
2. Add API Keys to Hugging Face Space
Follow the guide in HF_SPACE_SETUP.md:
- Go to your deployed space settings
- Add
OPENAI_API_KEYandANTHROPIC_API_KEYas space secrets - Restart your space
π Why This Is Better
- π‘οΈ Better Security: API keys are only stored where they're used
- π― Separation of Concerns: GitHub handles deployment, HF handles runtime
- π Easier Management: Change API keys without touching GitHub
- π Better Monitoring: HF Space logs show API usage, not deployment logs
π Deploy and Test
- Push your changes to trigger deployment
- Check deployment logs - should work without API keys
- Set HF Space secrets - follow
HF_SPACE_SETUP.md - Test your app - should work with API calls
Your workflows will now be more secure and easier to manage! π