{"id":27520602,"url":"https://github.com/hi120ki/openaikeyserver","last_synced_at":"2026-04-25T21:33:38.016Z","repository":{"id":286619796,"uuid":"961981759","full_name":"hi120ki/openaikeyserver","owner":"hi120ki","description":"A server application that generates temporary OpenAI API keys for authorized users through Google OAuth2 authentication","archived":false,"fork":false,"pushed_at":"2025-12-04T11:31:42.000Z","size":62,"stargazers_count":1,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-12-07T19:32:26.477Z","etag":null,"topics":["ai","aisecurity","openai","security"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hi120ki.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-04-07T13:21:59.000Z","updated_at":"2025-12-04T11:30:52.000Z","dependencies_parsed_at":"2025-12-05T10:02:35.949Z","dependency_job_id":null,"html_url":"https://github.com/hi120ki/openaikeyserver","commit_stats":null,"previous_names":["hi120ki/openaikeyserver"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/hi120ki/openaikeyserver","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hi120ki%2Fopenaikeyserver","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hi120ki%2Fopenaikeyserver/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hi120ki%2Fopenaikeyserver/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hi120ki%2Fopenaikeyserver/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hi120ki","download_url":"https://codeload.github.com/hi120ki/openaikeyserver/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hi120ki%2Fopenaikeyserver/sbom","scorecard":{"id":1240295,"data":{"date":"2025-07-15T07:37:27Z","repo":{"name":"github.com/hi120ki/openaikeyserver","commit":"23ef344374551e0507b8c90b28a7ce6162a0e819"},"scorecard":{"version":"v5.0.0","commit":"ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4"},"score":5.2,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#branch-protection"}},{"name":"CI-Tests","score":7,"reason":"3 out of 4 merged PRs checked by a CI test -- score normalized to 7","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#ci-tests"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#cii-best-practices"}},{"name":"Code-Review","score":0,"reason":"Found 1/13 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#code-review"}},{"name":"Contributors","score":3,"reason":"project has 1 contributing companies or organizations -- score normalized to 3","details":["Info: wani-hackase contributor org/company found, "],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#contributors"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#dangerous-workflow"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#dependency-update-tool"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#license"}},{"name":"Maintained","score":1,"reason":"2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":10,"reason":"all dependencies are pinned","details":["Info:  11 out of  11 GitHub-owned GitHubAction dependencies pinned","Info:   8 out of   8 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":9,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 15 commits out of 17 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#sast"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#signed-releases"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:31","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:32","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/scorecards.yml:33","Info: jobLevel 'checks' permission set to 'read': .github/workflows/scorecards.yml:35","Info: jobLevel 'contents' permission set to 'read': .github/workflows/scorecards.yml:29","Info: jobLevel 'actions' permission set to 'read': .github/workflows/scorecards.yml:30","Info: jobLevel 'issues' permission set to 'read': .github/workflows/scorecards.yml:32","Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:24","Info: topLevel 'contents' permission set to 'read': .github/workflows/dependency-review.yml:13","Warn: no topLevel permission defined: .github/workflows/go.yml:1","Info: topLevel permissions set to 'read-all': .github/workflows/scorecards.yml:18","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#token-permissions"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-12-08T16:20:44.708Z","repository_id":286619796,"created_at":"2025-12-08T16:20:44.709Z","updated_at":"2025-12-08T16:20:44.709Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32278249,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-25T18:29:39.964Z","status":"ssl_error","status_checked_at":"2026-04-25T18:29:32.149Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","aisecurity","openai","security"],"created_at":"2025-04-18T06:47:10.983Z","updated_at":"2026-04-25T21:33:38.001Z","avatar_url":"https://github.com/hi120ki.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# OpenAI Key Server\n\nA server application that generates temporary OpenAI API keys for authorized users through Google OAuth2 authentication.\n\n[![codecov](https://codecov.io/gh/hi120ki/openaikeyserver/branch/main/graph/badge.svg)](https://codecov.io/gh/hi120ki/openaikeyserver)\n\n![Image](https://github.com/user-attachments/assets/20d8f5a0-7c7c-499f-b7c3-313e541826aa)\n\n## Overview\n\nThis application provides a secure way to generate temporary OpenAI API keys for authorized users. It uses Google OAuth2 for authentication and the OpenAI Management API to create and manage API keys. Keys older than specified expiration time (default 24 hours) are automatically cleaned up.\n\nThe server provides a simple web interface for users to retrieve their keys. The application is designed to be easy to set up and use, making it ideal for personal projects or small teams.\n\n## Features\n\n- Google OAuth2 authentication\n- OIDC verification\n- Authorized user access control\n- Automatic API key cleanup (keys older than specified expiration time, runs every cleanup interval, default 1 hour)\n- Simple web interface for key retrieval\n\n## Environment Variables\n\n| Variable                | Description                                                           | Required | Default          |\n| ----------------------- | --------------------------------------------------------------------- | -------- | ---------------- |\n| `ALLOWED_USERS`         | Comma-separated list of email addresses allowed to access the service | No\\*     | -                |\n| `ALLOWED_DOMAINS`       | Comma-separated list of domains allowed to access the service         | No\\*     | -                |\n| `OPENAI_MANAGEMENT_KEY` | OpenAI Management API key                                             | Yes      | -                |\n| `CLIENT_ID`             | Google OAuth2 client ID                                               | Yes      | -                |\n| `CLIENT_SECRET`         | Google OAuth2 client secret                                           | Yes      | -                |\n| `REDIRECT_URI`          | OAuth2 redirect URI                                                   | Yes      | -                |\n| `DEFAULT_PROJECT_NAME`  | Default OpenAI project name                                           | No       | \"personal\"       |\n| `PORT`                  | Server port                                                           | No       | \"8080\"           |\n| `EXPIRATION`            | Key expiration time in seconds                                        | No       | 86400 (24 hours) |\n| `CLEANUP_INTERVAL`      | Key cleanup interval in seconds                                       | No       | 3600 (1 hour)    |\n| `TIMEOUT`               | HTTP client timeout in seconds                                        | No       | 10               |\n\n\\*Note: Either `ALLOWED_USERS` or `ALLOWED_DOMAINS` (or both) must be set.\n\n## Installation\n\n### Prerequisites\n\n- Go 1.24 or higher\n- OpenAI Management API key\n- Google Cloud OAuth2 credentials\n\n### Setup\n\n1. Clone the repository\n2. Create a `.env` file with the required environment variables\n3. Run the application:\n\n```bash\ngo run main.go\n```\n\n## Usage\n\n1. Access the server at `http://localhost:8080` (or your configured port)\n2. You will be redirected to Google's OAuth2 consent page\n3. After authentication, if your email is in the allowed users list or your email domain is in the allowed domains list, you'll receive a temporary OpenAI API key\n4. The key will be valid for the specified expiration time (default 24 hours)\n5. The server will automatically clean up keys older than the expiration time (cleanup runs every hour by default)\n\n## OpenAI Management Key Guide\n\nThe OpenAI Management Key is required to create and manage API keys programmatically. Here's how to obtain one:\n\n1. Log in to the [OpenAI Platform](https://platform.openai.com/)\n2. Navigate to the [Admin keys section](https://platform.openai.com/settings/organization/admin-keys)\n3. Click on \"Create new Admin key\"\n4. Give your key a name and click \"Create admin key\"\n5. Copy the key (it will only be shown once) and add it to your `.env` file as `OPENAI_MANAGEMENT_KEY`\n\nNote: Management keys have elevated permissions and should be kept secure. They can create, list, and delete API keys for your organization.\n\n## Google Cloud OAuth2 Client Setup Guide\n\nTo set up Google OAuth2 authentication:\n\n1. Go to the [Google Cloud Console](https://console.cloud.google.com/)\n2. Create a new project or select an existing one\n3. Navigate to \"APIs \u0026 Services\" \u003e \"Credentials\"\n4. Click \"Create Credentials\" and select \"OAuth client ID\"\n5. Select \"Web application\" as the application type\n6. Add a name for your OAuth client\n7. Add authorized redirect URIs (e.g., `http://localhost:8080/oauth2/callback`)\n8. Click \"Create\"\n9. Copy the Client ID and Client Secret\n10. Add them to your `.env` file as `CLIENT_ID` and `CLIENT_SECRET`\n11. Also set your redirect URI in the `.env` file as `REDIRECT_URI`\n\n## License\n\nMIT License\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhi120ki%2Fopenaikeyserver","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhi120ki%2Fopenaikeyserver","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhi120ki%2Fopenaikeyserver/lists"}