-
Notifications
You must be signed in to change notification settings - Fork 13
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add notes about keeping keys and tokens secure #70
Conversation
Update the About link to correct the 404 error. Then add a Social Media link to Vectara's Discord channel.
Add doc_meta example and update curl command syntax with single quotes around URL
Update doc_metadata example
Fix example for doc_meta
Updated a few statements based on team discussion around indexing
80 char spacing
Users need to be careful so that they do not accidentally share their keys or tokens in public channels. I added this note to three topics that discuss API keys and OAuth tokens.
✅ Deploy Preview for luxury-shortbread-acee05 ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
Updated spacing to resolve conflict
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Mostly minor. 0Auth vs OAuth is the only really important one to make
@@ -16,6 +16,12 @@ having an accidental publication of an over-privileged API key is often | |||
organizationally "expensive." In general, it's recommended that you use | |||
[OAuth 2.0](OAuth 2.0) if/where possible for production applications. | |||
|
|||
:::warning | |||
|
|||
:lock: Always keep your API Keys and 0Auth tokens private. Do not share them through email, Slack, Discord, forums, or other public channels because it can lead to unauthorized access. Treat these keys with the same confidentiality as your personal credentials. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Can you fix the width of this to ~80 characters?
- It should be OAuth, not 0Auth
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done :)
@@ -22,6 +22,12 @@ OAuth 2.0 has several advantages over API keys or simple usernames/passwords: | |||
- OAuth 2.0 is inherently more tightly scoped than API keys | |||
- JWT tokens are detected by many security scanning tools, allowing them to more easily be flagged in the case of accidental publication | |||
|
|||
:::warning | |||
|
|||
:lock: Always keep your OAuth tokens private. Do not share them through email, Slack, Discord, forums, or other public channels because it can lead to unauthorized access. Treat these tokens with the same confidentiality as your personal credentials. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please wrap fix the width of this one as well
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
incremental mode, individual documents or messages are sent to be indexed. In | ||
a short period of time, generally a few minutes, the new content will become | ||
available in the search index. | ||
The indexing service operates by accepting individual documents or messages to be indexed. In a short period of time, generally a few minutes, the new content will become available in the search index. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please wrap this line
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
Updated wrapping in 3 topics and fixed typo with OAuth
Completed changes in latest commit |
Thanks, LGTM now! |
It's asking me to resolve a conflict (the area where I fixed the wrapping) but it's not letting me do anything when I go to Resolve conflicts. I double-checked my editing tool and the file is not in some pending state, and git status says there is nothing to commit. I suspect it's user error but I am unable to squash and merge. |
I just manually re-approved @pwoznic |
Signed-off-by: Shane Connelly <[email protected]>
Also, I should have manually fixed the merge. You'll want to update local branch(es). I think what happened here was you issued a PR from your personal GH account/branch, and then you made some edits to |
Signed-off-by: Paul Wozniczka <[email protected]>
Signed-off-by: Paul Wozniczka <[email protected]>
Updated several topics with a note about keeping API Keys and OAuth tokens secure.