deepgram-security-basics

# Deepgram Security Basics

## Overview
Implement security best practices for Deepgram API integration including key management, data protection, and access control.

## Prerequisites
- Deepgram Console access
- Understanding of environment variables
- Knowledge of secret management

## Security Checklist

- [ ] API keys stored in environment variables or secret manager
- [ ] Different keys for development/staging/production
- [ ] Key rotation schedule established
- [ ] Audit logging enabled
- [ ] Network access restricted
- [ ] Data handling compliant with regulations

## Instructions

### Step 1: Secure API Key Storage
Never hardcode API keys in source code.

### Step 2: Implement Key Rotation
Create a process for regular key rotation.

### Step 3: Set Up Access Control
Configure project-level permissions.

### Step 4: Enable Audit Logging
Track API usage and access patterns.

## Examples

### Environment Variable Configuration
```bash
# .env.example (commit this)
DEEPGRAM_API_KEY=your-api-key-here

# .env (NEVER commit this)
DEEPGRAM_API_KEY=actual-secret-key

# .gitignore
.env
.env.local
.env.*.local
```

### Secret Manager Integration (AWS)
```typescript
// lib/secrets.ts
import { SecretsManager } from '@aws-sdk/client-secrets-manager';

const client = new SecretsManager({ region: 'us-east-1' });

let cachedKey: string | null = null;
let cacheExpiry = 0;

export async function getDeepgramKey(): Promise<string> {
  // Use cached key if not expired
  if (cachedKey && Date.now() < cacheExpiry) {
    return cachedKey;
  }

  const response = await client.getSecretValue({
    SecretId: 'deepgram/api-key',
  });

  if (!response.SecretString) {
    throw new Error('Deepgram API key not found in Secrets Manager');
  }

  const secret = JSON.parse(response.SecretString);
  cachedKey = secret.DEEPGRAM_API_KEY;
  cacheExpiry = Date.now() + 300000; // 5 minute cache

  return cachedKey!;
}
```

### Secret Manager Integration (GCP)
```typescript
// lib/secrets-gcp.ts
impor