Security: rokernel/rst2kb

Security

Credentials and Secrets

Never commit credentials to this repository.

The rst2kb tool requires an Open WebUI API key to upload files. This key must be provided via an environment variable:

export OPENWEBUI_API_KEY="your-api-key-here"

Environment Variables

  • OPENWEBUI_API_KEY - Your Open WebUI API bearer token (required for upload mode)
  • OPENWEBUI_URL - Open WebUI base URL (optional, defaults to http://localhost:3000)

Best Practices

  1. Use environment variables - Never hardcode API keys in scripts or configuration files
  2. Use .env files locally - Add .env to .gitignore and use a .env.example as a template
  3. Rotate keys regularly - If you suspect a key has been exposed, rotate it immediately
  4. Use least privilege - Create API keys with minimal required permissions
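
As an added example (not code from the rst2kb project), here is one way a script could read the two variables above and fail closed instead of falling back to a hardcoded key. The `Settings` class, `load_settings` function and the rule that plain `http://` is accepted only for loopback hosts are assumptions of this sketch, not documented rst2kb behaviour.

```python
import ipaddress
import os
from dataclasses import dataclass, field
from urllib.parse import urlsplit

DEFAULT_URL = "http://localhost:3000"   # default stated on this page
PLACEHOLDER = "your-api-key-here"       # sample value from the export line above


@dataclass(frozen=True)
class Settings:                          # hypothetical container for this example
    base_url: str
    api_key: str = field(repr=False)     # keep the token out of repr() and logs

    def auth_header(self) -> dict:
        return {"Authorization": f"Bearer {self.api_key}"}


def _is_loopback(host: str) -> bool:
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                     # a DNS name other than localhost


def load_settings(env=os.environ) -> Settings:
    """Build Settings from the environment, rejecting unsafe input."""
    key = env.get("OPENWEBUI_API_KEY", "").strip()
    if not key:
        raise ValueError("OPENWEBUI_API_KEY is not set")
    if key == PLACEHOLDER:
        raise ValueError("OPENWEBUI_API_KEY still holds the template placeholder")
    url = env.get("OPENWEBUI_URL", DEFAULT_URL).strip().rstrip("/")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        # The URL is not echoed back, in case it carries credentials.
        raise ValueError("OPENWEBUI_URL is not a valid http(s) URL")
    if parts.username or parts.password:
        raise ValueError("OPENWEBUI_URL must not embed credentials")
    # Assumed policy: a bearer token sent over plain HTTP is readable on the
    # wire, so cleartext is accepted only for loopback hosts.
    if parts.scheme == "http" and not _is_loopback(parts.hostname):
        raise ValueError("refusing to send the API key over plain http")
    return Settings(base_url=url, api_key=key)
```
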

Pre-commit Hook

Consider installing a pre-commit hook to prevent accidental commits of secrets:

pip install pre-commit
cat > .pre-commit-config.yaml << 'EOF'
repos:
  - repo: https://github.com/Yelp/detect-secrets
    rev: v1.4.0
    hooks:
      - id: detect-secrets
EOF
pre-commit install

Reporting Security Issues

If you discover a security vulnerability, please open an issue (if public) or contact the maintainers directly (if sensitive).
