deepgram-security-basics

Deepgram Security Basics

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "deepgram-security-basics" with this command: npx skills add jeremylongshore/claude-code-plugins-plus-skills/jeremylongshore-claude-code-plugins-plus-skills-deepgram-security-basics

Deepgram Security Basics

Table of Contents

  • Overview

  • Prerequisites

  • Instructions

  • Output

  • Error Handling

  • Examples

  • Resources

Overview

Implement security best practices for Deepgram API integration including key management, scoped permissions, key rotation, data protection (encryption at rest, PII redaction), and audit logging.

Prerequisites

  • Deepgram Console access

  • Understanding of environment variables

  • Knowledge of secret management (AWS Secrets Manager or GCP Secret Manager)

Security Checklist

  • API keys stored in environment variables or secret manager

  • Different keys for development/staging/production

  • Key rotation schedule established (90-day expiry recommended)

  • Scoped API keys with minimal permissions

  • Audit logging enabled

  • Network access restricted (HTTPS only, no private IPs)

  • Transcript data encrypted at rest

Instructions

Step 1: Secure API Key Storage

Never hardcode keys. Use .env locally (gitignored) and secret managers in cloud environments.

Step 2: Create Scoped Keys

Create separate keys with minimal permissions: listen:* for transcription, manage:* for admin, usage:read for monitoring.

Step 3: Implement Key Rotation

Set up 90-day automated rotation: create new key, validate it, update secret manager, schedule old key deletion.

Step 4: Sanitize Inputs

Validate audio URLs (HTTPS only, block localhost/private IPs). Sanitize transcript responses to allowed fields only.

Step 5: Encrypt Transcripts at Rest

Use AES-256-GCM for transcript storage encryption. Implement PII redaction for credit cards, SSNs, phone numbers, and emails.

Step 6: Enable Audit Logging

Log all transcription operations with userId, ipAddress, success status, and duration.

Output

  • Secret manager integration (AWS/GCP)

  • Key rotation automation

  • Scoped API key configuration

  • Request sanitization (URL and response)

  • AES-256-GCM encryption/decryption for transcripts

  • PII redaction patterns

  • Audit logging service

Error Handling

Issue Cause Resolution

401 after rotation Old key still cached Clear key cache, restart services

Private IP blocked SSRF attempt Validate URL against blocklist

Decryption fails Wrong key or corrupt data Check encryption key, verify auth tag

Audit gaps Logger misconfigured Verify audit middleware on all routes

Examples

Environment Setup

.env (NEVER commit)

DEEPGRAM_API_KEY=actual-secret-key

.gitignore

.env .env.local

See detailed implementation for advanced patterns.

Resources

  • Deepgram Security Overview

  • API Key Management

  • HIPAA Compliance

  • SOC 2 Compliance

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

xss-vulnerability-scanner

No summary provided by upstream source.

Repository SourceNeeds Review
-44
jeremylongshore
Security

cookie-security-analyzer

No summary provided by upstream source.

Repository SourceNeeds Review
-41
jeremylongshore
Security

session-security-checker

No summary provided by upstream source.

Repository SourceNeeds Review
-41
jeremylongshore