Apply Ideogram security best practices for secrets and access control. Use when securing API keys, implementing least privilege access, or auditing Ideogram security configuration. Trigger with phrases like "ideogram security", "ideogram secrets", "secure ideogram", "ideogram API key security".
Applies security best practices for Ideogram API keys, secrets, and access control.
/plugin marketplace add jeremylongshore/claude-code-plugins-plus-skills/plugin install ideogram-pack@claude-code-plugins-plusThis skill is limited to using the following tools:
Security best practices for Ideogram API keys, tokens, and access control.
# .env (NEVER commit to git)
IDEOGRAM_API_KEY=sk_live_***
IDEOGRAM_SECRET=***
# .gitignore
.env
.env.local
.env.*.local
# 1. Generate new key in Ideogram dashboard
# 2. Update environment variable
export IDEOGRAM_API_KEY="new_key_here"
# 3. Verify new key works
curl -H "Authorization: Bearer ${IDEOGRAM_API_KEY}" \
https://api.ideogram.com/health
# 4. Revoke old key in dashboard
| Environment | Recommended Scopes |
|---|---|
| Development | read:* |
| Staging | read:*, write:limited |
| Production | Only required scopes |
| Security Issue | Detection | Mitigation |
|---|---|---|
| Exposed API key | Git scanning | Rotate immediately |
| Excessive scopes | Audit logs | Reduce permissions |
| Missing rotation | Key age check | Schedule rotation |
const clients = {
reader: new IdeogramClient({
apiKey: process.env.IDEOGRAM_READ_KEY,
}),
writer: new IdeogramClient({
apiKey: process.env.IDEOGRAM_WRITE_KEY,
}),
};
import crypto from 'crypto';
function verifyWebhookSignature(
payload: string, signature: string, secret: string
): boolean {
const expected = crypto.createHmac('sha256', secret).update(payload).digest('hex');
return crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));
}
.env files in .gitignoreinterface AuditEntry {
timestamp: Date;
action: string;
userId: string;
resource: string;
result: 'success' | 'failure';
metadata?: Record<string, any>;
}
async function auditLog(entry: Omit<AuditEntry, 'timestamp'>): Promise<void> {
const log: AuditEntry = { ...entry, timestamp: new Date() };
// Log to Ideogram analytics
await ideogramClient.track('audit', log);
// Also log locally for compliance
console.log('[AUDIT]', JSON.stringify(log));
}
// Usage
await auditLog({
action: 'ideogram.api.call',
userId: currentUser.id,
resource: '/v1/resource',
result: 'success',
});
For production deployment, see ideogram-prod-checklist.
Expert guidance for Next.js Cache Components and Partial Prerendering (PPR). **PROACTIVE ACTIVATION**: Use this skill automatically when working in Next.js projects that have `cacheComponents: true` in their next.config.ts/next.config.js. When this config is detected, proactively apply Cache Components patterns and best practices to all React Server Component implementations. **DETECTION**: At the start of a session in a Next.js project, check for `cacheComponents: true` in next.config. If enabled, this skill's patterns should guide all component authoring, data fetching, and caching decisions. **USE CASES**: Implementing 'use cache' directive, configuring cache lifetimes with cacheLife(), tagging cached data with cacheTag(), invalidating caches with updateTag()/revalidateTag(), optimizing static vs dynamic content boundaries, debugging cache issues, and reviewing Cache Component implementations.