Read the AI API key also from an environment variable

Change-Id: If18fd025ab2ef68a3690f8a69d1c8894e44a87ef Signed-off-by: Cosmin Cojocar <[email protected]>
securego · Aug 18, 2024 · dd5e3ff · dd5e3ff
1 parent 56f943b
commit dd5e3ff
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -279,7 +279,8 @@ gosec can suggest fixes based on AI recommendation. It will call an AI API to re
 
 You can enable this feature by providing the following command line arguments:
 - `ai-api-provider`: the name of the AI API provider, currently only `gemini`is supported.
-- `ai-api-key`: the key to access the AI API, For gemini, you can create an API key following [these instructions](https://ai.google.dev/gemini-api/docs/api-key).
+- `ai-api-key` or set the environment variable `GOSEC_AI_API_KEY`: the key to access the AI API,
+For gemini, you can create an API key following [these instructions](https://ai.google.dev/gemini-api/docs/api-key).
 - `ai-endpoint`: the endpoint of the AI provider, this is optional argument.
 
 

diff --git a/cmd/gosec/main.go b/cmd/gosec/main.go
@@ -59,6 +59,8 @@ USAGE:
 	$ gosec -exclude=G101 $GOPATH/src/github.com/example/project/...
 
 `
+	// Environment variable for AI API key.
+	aiApiKeyEnv = "GOSEC_AI_API_KEY"
 )
 
 type arrayFlags []string
@@ -468,8 +470,12 @@ func main() {
 	reportInfo := gosec.NewReportInfo(issues, metrics, errors).WithVersion(Version)
 
 	// Call AI request to solve the issues
-	if *flagAiApiProvider != "" && *flagAiApiKey != "" {
-		err := autofix.GenerateSolution(*flagAiApiProvider, *flagAiApiKey, *flagAiEndpoint, issues)
+	aiApiKey := os.Getenv(aiApiKeyEnv)
+	if aiApiKeyEnv == "" {
+		aiApiKey = *flagAiApiKey
+	}
+	if *flagAiApiProvider != "" && aiApiKey != "" {
+		err := autofix.GenerateSolution(*flagAiApiProvider, aiApiKey, *flagAiEndpoint, issues)
 		if err != nil {
 			logger.Print(err)
 		}