Hacker News

dnw, last Saturday at 2:40 AM (3 replies)

Last week I accidentally exposed my OpenAI, Anthropic, and Gemini keys. They somehow ended up in Claude Code logs(!). Within seconds I got an email from Anthropic and they had already disabled my keys. Neither OpenAI nor Google alerted me in any way. I was able to log in to OpenAI and delete all the keys quickly.

Took me a good 10-15 minutes to _just_ _find_ where Gemini/AI Studio/Vortex projects keys _might_ be! I had to "import project" before I could find where the key is. Google knew the key was exposed but the key seemed to be still active with a "!" next to it!

With a lot of vibe coding happening, key hygiene becomes crucial on both issuer and user ends.


Replies

ChrisMarshallNY, last Saturday at 3:05 AM

> With a lot of vibe coding happening

I shudder to think of the implications.

Consider all the security disasters we already get from brogramming, and multiply that, times 100.

duxup, last Saturday at 10:07 PM

> Took me a good 10-15 minutes to _just_ _find_ where Gemini/AI Studio/Vortex projects keys _might_ be

I feel like all this granular key management across everything, dev, life, I might be more insecure but god damn I don't feel like I know what is going on.

varenc, last Saturday at 4:25 AM

How did they get leaked? Just someone getting into your personal Claude Code logs? I'm surprised that, if it was just that, Google would even be aware they're leaked.
