--nextPart2245192.NG923GbCHz Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" On Montag, 18. Januar 2021 17:20:31 CET Volker Krause wrote: > On Montag, 18. Januar 2021 12:21:30 CET Jean-Baptiste Mardelle wrote: > > Hi all, > > > > For Kdenlive, we are planning to expand the use of online services to > > download ambiance music or videos for use in personal projects. To this > > purpose, most online services provide us an API key that is used to > > identify our app (Kdenlive) when querying their API. > > > > Does anyone have experience / advice on how to protect these API keys so > > that they are not publicly available ? Is there any KDE online service or > > framework helping to achieve that ? > > We have a similar problem in KPublicTransport. As others said, I don't think > keeping API keys secret is possible, they need to be handed out to the user > eventually after all. This already doesn't really work for closed-source > applications, and open source certainly doesn't make that any easier. > > Terms of services requiring protection of API keys are IMHO therefore mostly > wishful thinking. I have talked to the providers of two of the backends we use > in KPublicTransport about this, they understand the problem and are ok with > having the API keys in public source code. That might be the more realistic > approach. It's what I did in the context of KMyMoney and HBCI online access. It's not strictly an API key but only used as identifier for the application, but nevertheless that number is in the KDE repos after I have confirmed that it is OK. -- Regards Thomas Baumgart https://www.signal.org/ Signal, the better WhatsApp ------------------------------------------------------------- If you know what you are doing you can do whatever you want. All others learn it the hard way. -- Lars von der Brelie ------------------------------------------------------------- --nextPart2245192.NG923GbCHz Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- Comment: http://www.net-bembel.de/ iQIzBAABCgAdFiEEldM0sAUOY2HYD2VASQpC8iaztXcFAmAFtz0ACgkQSQpC8iaz tXd+6w//dyELvDkwxarjw2rLseZXaV99EwPi6pF0xEDMyJHpa19HgOP4JCeqDcOt Lq526hxqVCe2W69G1XhjeryFueJ1rHKnESwQZxoL1gfdiwQDpFp1QSpwvs3A8dNB SgC3XJ0x85S5Y5iTicxzF304Whu5/h/bksh7E6iMWFfvXIJKRcgZBCaCwsImMFq5 YQx4q4bCOeoSMlSnMbf5mduABQTx5dNFDZ9v5cv66O1C2zIBQtfq3R0s+586UOtO sd1J8dRvjh7/emF0ntDZBKMJw051MnYghDyYDHbvSWNzogOvaa6Y2cGTBeean0Vt hJMfRWkyPi1s8OQjsp4uCPlRkMsXb9VbD/j6h51mlpowapGGKhhED8mxkbZi0s6C 6C4indsTVAb4R2ppzau0T8x1/OpVj9/3eJGQieOSvsQzcHi1VOieqSP+EChzS8qX Vec9ZukRHGdr+6M3ohv3STYFtML6eITrN7k//QfgKQo3XzPigijrsJfP3lmAJNMI 0cFSuQpnaV9SsTs0asYWQqMPvP4yO9/0Gi/31uMfnHgP8pokstxgQN8CnpsrjsPp X0IEZTuvyNg1sSwigle8YIJIQ3mRlc3G0y34sDy73kjRo13Jpnmm6DfFu9K7drGO YLl6453NDyOFBWM+nMYlsgEkEXrepsalICE6Dn3oBPnUVEa4l7I= =ph9W -----END PGP SIGNATURE----- --nextPart2245192.NG923GbCHz--