James Salsman • about 2 years ago
Submit API keys?
In section 11 of the Official Rules, it says, "Google shall have the right to use, reproduce, publicly perform, and publicly display the Code in connection with the advertising and promotion of the Contest and the Code, via communication to the public...." Are we expected to submit our Gemini CLIENT_SECRET and other necessary API keys or will Google supply their own?
Comments are closed.
4 comments
Dani Ratner Manager • about 2 years ago
Hi James, you will need to provide this. Let us know if you have additional questions.
Robert Oschler • about 2 years ago
Hi Dani and James. Do you really want him to put his secret credentials in his GitHub repo, given that the repo has to be public?
James Salsman • about 2 years ago
We can make credentials based on a service account limited to the necessary API(s), but those keys can still be abused in ways which could put all the entrants' other Google accounts (Gmail, Android services, etc.) at risk. While a reasonable compromise might seem to be to proxy the API calls through a private server, that solution is open to the same kinds of attacks. Can't we just have some standard environment variable names and some Google service accounts for the judges?
Robert Oschler • about 2 years ago
I second the suggestion proposed by James.