I’m creating a VS Code extension where I’m using the Gemini AI model to retrieve information.
Now I’m able to achieve the goal locally if I put in my API key, and it works fine, but the problem now is deploying this code to prod. I’m afraid to put the key in the codebase. I assume it can lead to a security issue.
I have even read one thread where it suggests that I use Google Secret Manager.
How can I hide my API keys for a Visual Studio Code Extension?
But even if I add the key there, just to retrieve it I have to make a REST API call to get the key back, and that REST API call will also have an auth token, which will cause the same issue.
I’m referring to this doc, in the API section.
https://cloud.google.com/secret-manager/docs/access-secret-version#secretmanager-access-secret-version-api
I was looking for a solution in ChatGPT, but it mostly suggests taking the input from the user and storing that API key in Secure Storage (Recommended for VS Code Extensions), but I don’t want the user to set the API_KEY by themselves.
Any document will be helpful for me to understand this. I’m very new, so any good beginner documents where I can understand how this works and how to prevent it would also be helpful.
Thanks