⚠️ You might be exposing a secret token, is this intended?

#2
by token-scanner - opened

Please check Space app file as you might be exposing a secret token.
We recommend you to use Repository secrets (env variables) in your Space settings. Afterwards, you can use it like:

import os
SECRET_TOKEN = os.getenv("SECRET_TOKEN")

Read more here. Once this is fixed, we strongly advise you to invalidate or delete your secret so that no one else can use it. In case of a Hugging Face token, you can do this in your settings.

Truepic org

Thanks, i believe we are using Repository secrets, where applicable. Can you provide more details (ideally a file name and line number) about what was identified in your scan?

Sign up or log in to comment