| Version | Supported |
|---|---|
| 0.1.x | ✅ |

If you discover a security vulnerability within Flow TTS, please report it by:
- DO NOT create a public GitHub issue for security vulnerabilities
- Send an email to the project maintainers with details of the vulnerability
- Include steps to reproduce the issue if possible
- Allow reasonable time for the issue to be addressed before public disclosure

Please include the following information in your report:

- Type of vulnerability (e.g., injection, authentication bypass, etc.)
- Full paths of source file(s) related to the vulnerability
- Location of the affected source code (tag/branch/commit or direct URL)
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue and how an attacker might exploit it

Response timeline:

- Initial response: Within 48 hours
- Status update: Within 7 days
- Resolution target: Within 30 days for critical issues

When working with API credentials:

- Never commit API credentials to version control
- Use environment variables or secure secret management systems
- Rotate credentials regularly
- Use the minimum necessary permissions for API credentials

```python
# Python - Use environment variables
import os

from flow_tts import FlowTTS

client = FlowTTS(
    secret_id=os.environ["TX_SECRET_ID"],
    secret_key=os.environ["TX_SECRET_KEY"],
    sdk_app_id=os.environ["TRTC_SDK_APP_ID"]
)
```

```go
// Go - Use environment variables
client := flowtts.New(flowtts.Config{
    SecretID:  os.Getenv("TX_SECRET_ID"),
    SecretKey: os.Getenv("TX_SECRET_KEY"),
    SDKAppID:  os.Getenv("TRTC_SDK_APP_ID"),
})
```

This project uses:
- Gitleaks: Scans for secrets in commits
- CodeQL: Static analysis for security vulnerabilities
- Dependabot: Automated dependency updates

All PRs must pass security checks before merging.
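
The environment-variable guidance in the credentials section can be enforced at startup. The following is an added example, not code from the Flow TTS project: it reads the three variables named in the snippets above, fails closed when any is unset or blank, and keeps the secret values out of `repr()` output so they do not reach logs. The names `load_credentials`, `Credentials` and `MissingCredentialsError` are hypothetical.

```python
import os
from dataclasses import dataclass, field

# Variable names taken from this page's own snippets.
REQUIRED_VARS = ("TX_SECRET_ID", "TX_SECRET_KEY", "TRTC_SDK_APP_ID")


class MissingCredentialsError(RuntimeError):
    """Raised when a required variable is unset or blank."""


@dataclass(frozen=True)
class Credentials:
    # repr=False keeps the secrets out of repr(), log lines and debugger dumps.
    secret_id: str = field(repr=False)
    secret_key: str = field(repr=False)
    sdk_app_id: str


def load_credentials(env=None):
    """Read the three variables, failing closed if any is unset or blank."""
    env = os.environ if env is None else env
    values = {name: (env.get(name) or "").strip() for name in REQUIRED_VARS}
    missing = [name for name, value in values.items() if not value]
    if missing:
        # Report variable names only, never any value that was found.
        raise MissingCredentialsError("missing or empty: " + ", ".join(missing))
    return Credentials(
        secret_id=values["TX_SECRET_ID"],
        secret_key=values["TX_SECRET_KEY"],
        sdk_app_id=values["TRTC_SDK_APP_ID"],
    )


if __name__ == "__main__":
    # Constructed sample environment with a blank key, to show the failure path.
    sample = {
        "TX_SECRET_ID": "constructed-id",
        "TX_SECRET_KEY": "   ",
        "TRTC_SDK_APP_ID": "1400000000",
    }
    try:
        load_credentials(sample)
    except MissingCredentialsError as exc:
        print(exc)
```

The returned fields can then be passed to the client constructor in place of the direct `os.environ[...]` lookups, which raise on a missing variable but accept an empty one.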