include::../../../shared_content/secrets/description.adoc[]

== Why is this an issue?

include::../../../shared_content/secrets/rationale.adoc[]

=== What is the potential impact?

If a Clarifai API key leaks to an unintended audience, it could potentially lead
to unauthorized access to the Clarifai account and its associated data. This
could result in the compromise of sensitive data or financial loss.

include::../../../shared_content/secrets/impact/financial_loss.adoc[]

include::../../../shared_content/secrets/impact/data_compromise.adoc[]

== How to fix it

include::../../../shared_content/secrets/fix/revoke.adoc[]

include::../../../shared_content/secrets/fix/vault.adoc[]

=== Code examples

==== Noncompliant code example

[source,python,diff-id=1,diff-type=noncompliant]
----
from clarifai_grpc.grpc.api.status import status_code_pb2

metadata = (('authorization','Key d819f799b90bc8dbaffd83661782dbb7'),)
----

==== Compliant solution

[source,python,diff-id=1,diff-type=compliant]
----
import os
from clarifai_grpc.grpc.api.status import status_code_pb2

metadata = (('authorization',os.environ["CLARIFAI_API_KEY"]),)
----


//=== How does this work?

//=== Pitfalls

//=== Going the extra mile

== Resources

include::../../../shared_content/secrets/resources/standards.adoc[]

//=== Benchmarks