Verso Day 8 — I found exposed API keys during a security audit. Here is what I did.

Day 8 of building Verso (projectoye.com)

A workspace OS that brings Notes, Spreadsheets, Presentations, and an AI-native IDE into one environment.

Today did not go as planned.

I

ran a security audit on the APIs and found that OpenAI keys were exposed. The whole day turned into a deep audit — checking every endpoint, every environment variable, every place a key could leak.

Not the day I wanted. Exactly the day I needed.

For anyone building AI-native products:
How are you managing API key security across dev, staging, and production environments?

• Secrets manager

• Env variables

• Something else?

Would genuinely love to hear what others are doing.

→ projectoye.com