OpenAPI key compromised

I have my openAPI key as an environment variable in my space, and it’s being used by someone else.

I’ve rotated the keys but still the API key was compromised.

Can anyone access my environment variables?

hi @pradhann,

I’m sorry this is happening to you. Please note the difference: Variables are public environment variables, so if someone duplicates your space, that variable can be reused or modified. Secrets are environment variables that are not shared or made public. Please revoke your OpenAI token, delete that variable, and create a new secret.

more: Spaces Overview.