Skip to content

pangeacyber/secure-chatgpt

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

291 Commits
.devcontainer
.devcontainer
 
 
.github
.github
 
 
.vscode
.vscode
 
 
assets
assets
 
 
public
public
 
 
src
src
 
 
.env.example
.env.example
 
 
.eslintrc.json
.eslintrc.json
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
components.json
components.json
 
 
next.config.js
next.config.js
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
postcss.config.js
postcss.config.js
 
 
tailwind.config.ts
tailwind.config.ts
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

Secure ChatGPT

Overview

This app simulates the chatGPT experience with additional security features. It uses Pangea's robust set of security APIs such as:

We also use OpenAI's advanced ChatGPT API to create a more secure version of the familiar chatGPT experience.

This codebase was built using NextJS's ChatBot template, Pangea's APIs, and Open AI's GPT API.

Getting Started

Pre Reqs Check

In order to run this application you are going to need:

  • Node
  • OpenAI
  • Pangea Account

OpenAI API Key

If you are comfortable using a credit card, follow these instructions below.

  1. Create an account to sign in to OpenAI

  1. Once signed in, this link will begin the flow to create an API Token.

3. Name your token. 4. Copy the API Key and save it somewhere. We will not be able to access it again.

Enable Pangea Services

  1. Create and sign into your Pangea account

  1. Once you land on the Pangea User Console, You can see AuthN, Secure Audit Log, Redact, and Vault on the left.

  2. Select AuthN to enable and begin the token creation process. While creating the token, you can enable it for all the services we are going to require for this application: AuthN, Redact, Secure Audit Log, and Vault.

  1. Landing on the AuthN Service Overview page you'll see all the token information you will need from Pangea to run the application. Copy these values into a note pad or keep this page open.

  2. Go to the Redirects tab and add the necessary redirect. If running this in codespace, it's the url of your codespace running instance. If running this app locally, add http://localhost:3000 to the redirect list. This is also go to a good time to go to General Settings and decide what methods of Login or MFA you need for your application. On first run it is recommended to do this in a bare bones way.

NOTE: By going to Customize > View project branding, you'll be able to customize your login page

  1. Go to back to the Main Menu and then navigate to Redact > Rulesets. This is where you will be able to configure what gets redacted and how. For the demo, it's recommended that we enable redaction for:

    • PII: email address and phone number
    • US Identification Numbers: US Social Security Number

  2. Enable Secure Audit Log with the following configuration

    • session_id: Short or Long String
    • timestamp: Timestamp
    • actor: Short or Long String
    • user_id: Long String
    • message: Long String

NOTE: You find find this configured in src>lib>auditLog.ts

First Run

  1. Copy the appropriate values into the .env file.

    • OPEN AI API Token
    • Pangea Service Token
    • Pangea Domain
    • Pangea AuthN Client Token
    • Pangea Hosted Login URL

  2. Let's run the development server:

npm run dev
# or
yarn dev
# or
pnpm dev

Open http://localhost:3000 with your browser to see the result.

You can start editing the page by modifying pages/index.tsx. The page auto-updates as you edit the file.

API routes can be accessed on http://localhost:3000/api/hello. This endpoint can be edited in pages/api/hello.ts.

The pages/api directory is mapped to /api/*. Files in this directory are treated as API routes instead of React pages.

This project uses next/font to automatically optimize and load Inter, a custom Google Font.

Migrate Secrets to Pangea CLI

If you wanted to get rid of the .env code, we can leverage the Pangea CLI to migrate the secrets to the Pangea Vault. Then when we run the application, the we will pull down the appropriate secrets from the Pangea Vault. Remember to enable Vault in your Pangea User Console.

For the full documentation please go the the Pangea CLI github

Login to the Pangea CLI

pangea login –no-browser

Next we create a folder within the Vault to hold our application's secrets

pangea create​

Then we migrate the secrets in our .env file to the new folder in the Pangea Vault

pangea migrate -f .env​

Now in order to run the application, we add 'pangea run -c' before the command in order to pull down the secret values.

pangea run -c npm run dev

Learn More

To learn more about Next.js, take a look at the following resources:

You can check out the Next.js GitHub repository - your feedback and contributions are welcome!

Deploy on Vercel

The easiest way to deploy your Next.js app is to use the Vercel Platform from the creators of Next.js.

Check out our Next.js deployment documentation for more details.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

17 stars

Watchers

10 watching

Forks

5 forks
Report repository

Contributors 5

Languages