-
The vulnerable API Key we shouldn't be committing
-
CLI Command
Inspiration
After ruining numerous repositories with the simple mistake of leaving API keys visible on public repositories, we wanted to develop a tool that encrypts these vital pieces of information.
What it does
It encrypts your API keys before committing it to the git repository.
How we built it
It uses Random Forest Classifiers to help determine whether a word2vec token is an API key, and if so, encrypts the API key before committing it to the git repository. In addition, we have included different flags for our users to execute our program with such as nocommit, path, undo, commit.
Challenges we ran into
We originally tried using vector embeddings to make the look up time faster for our API keys, however it wasn't detecting the differences between API keys and other tokens within the repository.
Accomplishments that we're proud of
Training our Random Forest Classifier to 93% accuracy and finding a way to make it a really impactful CLI tool.
What we learned
We learned how Fernet encryption works, and the underlying structure of Random Forest Classifiers and how they learn.
What's next for ACRYPT
Support for asymmetric encryption, and adding a more efficient look up after detecting the API keys.
Built With
- fernet
- gensim
- javascript
- nltk
- python
Log in or sign up for Devpost to join the conversation.