Ask HN: If you are building OpenAI apps, how do you store user's API key?
3 by huydotnet | 2 comments on Hacker News.
This question has been around my mind lately. The context is, if you are building a web application that allows user to use their own OpenAI API key to interact with OpenAI, how would you store their API key? 1. Local storage, let them send your API key through your server 2. Local storage, and the API key is called right from the user's browser 3. On your server??? How to store it securely? Using a vault manager? #2 seems like a good choice, but in case you need to secure your prompt, then this is not feasible. I've been struggling to find a good way to handle this situation. Anyone have any idea or best practice on how to go about this scenario?