Google API Keys Weren't Secrets. But then Gemini Changed the Rules.

📄 Chinese Summary

Gemini and services such as Google Maps share the same API keys, but Google Maps API keys are designed for public use and are embedded directly in web pages. Gemini API keys, on the other hand, can access private files and make billable requests, so they must never be shared. Because of this, a user can easily enable Gemini billing by accident on an API key that is already public. This is not a simple misconfiguration; the order of events is what turns it into privilege escalation.

📄 English Summary

Google API Keys Weren't Secrets. But then Gemini Changed the Rules.

Gemini and Google Maps share the same API keys, but Google Maps API keys are intended for public use and are embedded directly in web pages. In contrast, Gemini API keys can access private files and make billable API requests, so they must not be shared. The risk is that users may inadvertently enable Gemini billing on an API key that is already public. Because the key was published while it was harmless and only later gained billable Gemini access, the issue is characterized as privilege escalation rather than mere misconfiguration.
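The practical check the summary implies is an inventory: which keys are exposed in public assets, and which of those can also call a billable or private-data API. The script below is an added example, not code from the original article or from Google; it assumes the common "AIza" key pattern used by secret scanners, uses `generativelanguage.googleapis.com` as the Gemini API service name and `maps-backend.googleapis.com` for Maps (both assumed labels), and embeds constructed sample assets and a constructed per-key API inventory in place of a real Cloud console export.

```python
import re

# Heuristic pattern for Google API keys (assumption: "AIza" prefix plus 35
# URL-safe characters, as used by common secret scanners). Hits are candidates
# for review, not proof of a live key.
GOOGLE_KEY_RE = re.compile(r"AIza[0-9A-Za-z_-]{35}")

# Assumed service names: Gemini API (billable, private data) vs Maps (public use).
GEMINI_SERVICE = "generativelanguage.googleapis.com"
MAPS_SERVICE = "maps-backend.googleapis.com"


def fake_key(label: str) -> str:
    """Build a syntactically valid but constructed, non-functional key."""
    return "AIza" + label.ljust(35, "0")


# Constructed sample of public web assets that embed keys (as Maps pages do).
PUBLIC_ASSETS = {
    "index.html": f'<script src="https://maps.googleapis.com/maps/api/js?key={fake_key("MAPS")}"></script>',
    "app.js": f'const KEY = "{fake_key("SECOND")}";',
    "about.html": "<p>No keys here</p>",
}

# Constructed inventory of which APIs each key may call. In practice this comes
# from the project's API key restrictions, exported from the Cloud console.
ENABLED_APIS = {
    fake_key("MAPS"): {MAPS_SERVICE, GEMINI_SERVICE},  # Gemini enabled after publishing
    fake_key("SECOND"): {MAPS_SERVICE},                # Maps only: public use is fine
    fake_key("PRIVATE"): {GEMINI_SERVICE},             # never embedded in a page
}


def find_public_keys(assets):
    """Map each key found in public assets to the files that expose it."""
    found = {}
    for path, content in assets.items():
        for key in GOOGLE_KEY_RE.findall(content):
            found.setdefault(key, []).append(path)
    return found


def escalated_keys(public_keys, enabled_apis, sensitive=frozenset({GEMINI_SERVICE})):
    """Return keys that are both public and able to call a sensitive API.

    A key in this list was safe to publish when it only reached Maps; granting
    it Gemini access afterwards is the privilege escalation the article describes.
    """
    return sorted(k for k in public_keys if enabled_apis.get(k, set()) & sensitive)


if __name__ == "__main__":
    public = find_public_keys(PUBLIC_ASSETS)
    for key in escalated_keys(public, ENABLED_APIS):
        print(f"REVIEW: {key} is exposed in {public[key]} but can call Gemini")
```

The fix for any key the script reports is to restrict that key to the Maps APIs it was published for and issue a separate, unpublished key for Gemini; re-running the inventory afterwards should return an empty list.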

