The documentation and examples show an API key inline, like:
generation_api_key="your-api-key"
Even as a placeholder, this pattern encourages people to paste real keys into code, which often ends up in git history, screenshots, logs, or shared snippets.
Why this matters
- Hardcoded keys get leaked easily
- Leaked keys can be abused and create unexpected costs
- Many users copy examples verbatim
Proposed change
Update all examples to use environment variables or a secrets mechanism.
Suggested examples
Python
import os
generation_api_key = os.getenv("GENERATION_API_KEY")
Acceptance criteria
- No docs show API keys inline, even as placeholders
- Docs include a short “Set your key via env var” step
- Optional: add a short note “Never commit your key” near the snippet
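One way to enforce the first acceptance criterion in CI, together with a fail-fast version of the environment lookup. This is an added example, not code from the project: `find_inline_keys`, `load_api_key` and the credential-name heuristic are assumptions, and the sample docs text is constructed.

```python
import os
import re

# Heuristic (an assumption of this example): identifiers containing api_key,
# secret or token are treated as credentials.
_INLINE_KEY = re.compile(
    r"""(?ix)
    \b(?P<name>\w*(?:api_?key|secret|token)\w*)   # credential-looking identifier
    \s*[:=]\s*                                    # assignment or keyword argument
    (?P<quote>["'])(?P<value>[^"'\n]*)(?P=quote)  # string literal, placeholder or real
    """
)


def find_inline_keys(text):
    """Return (line_number, name) for each credential assigned a string literal."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in _INLINE_KEY.finditer(line):
            hits.append((lineno, match.group("name")))
    return hits


def load_api_key(var="GENERATION_API_KEY", environ=os.environ):
    """Read the key from the environment; fail fast if it is missing or empty."""
    value = environ.get(var, "").strip()
    if not value:
        raise RuntimeError(f"{var} is not set; export it before running")
    return value


# Constructed sample: line 1 is the inline style, lines 2-3 the proposed style.
SAMPLE_DOCS = '''\
client = Client(generation_api_key="your-api-key")
import os
generation_api_key = os.getenv("GENERATION_API_KEY")
'''

if __name__ == "__main__":
    for lineno, name in find_inline_keys(SAMPLE_DOCS):
        print(f"line {lineno}: {name} is assigned a string literal")
```

Placeholders are flagged on purpose, matching "even as placeholders" in the criteria; the name heuristic can also flag non-secret identifiers that contain "token", so tune it to the docs being scanned.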