fireflies-security-basics

Fireflies.ai Security Basics

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "fireflies-security-basics" with this command: npx skills add jeremylongshore/claude-code-plugins-plus-skills/jeremylongshore-claude-code-plugins-plus-skills-fireflies-security-basics

Fireflies.ai Security Basics

Overview

Security best practices for Fireflies.ai API keys, tokens, and access control.

Prerequisites

  • Fireflies.ai SDK installed

  • Understanding of environment variables

  • Access to Fireflies.ai dashboard

Instructions

Step 1: Configure Environment Variables

.env (NEVER commit to git)

FIREFLIES_API_KEY=sk_live_*** FIREFLIES_SECRET=***

.gitignore

.env .env.local .env.*.local

Step 2: Implement Secret Rotation

set -euo pipefail

1. Generate new key in Fireflies.ai dashboard

2. Update environment variable

export FIREFLIES_API_KEY="new_key_here"

3. Verify new key works

curl -H "Authorization: Bearer ${FIREFLIES_API_KEY}"
https://api.fireflies.com/health

4. Revoke old key in dashboard

Step 3: Apply Least Privilege

Environment Recommended Scopes

Development read:*

Staging read:*, write:limited

Production Only required scopes

Output

  • Secure API key storage

  • Environment-specific access controls

  • Audit logging enabled

Error Handling

Security Issue Detection Mitigation

Exposed API key Git scanning Rotate immediately

Excessive scopes Audit logs Reduce permissions

Missing rotation Key age check Schedule rotation

Examples

Service Account Pattern

const clients = { reader: new Fireflies.aiClient({ apiKey: process.env.FIREFLIES_READ_KEY, }), writer: new Fireflies.aiClient({ apiKey: process.env.FIREFLIES_WRITE_KEY, }), };

Webhook Signature Verification

import crypto from 'crypto';

function verifyWebhookSignature( payload: string, signature: string, secret: string ): boolean { const expected = crypto.createHmac('sha256', secret).update(payload).digest('hex'); return crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected)); }

Security Checklist

  • API keys in environment variables

  • .env files in .gitignore

  • Different keys for dev/staging/prod

  • Minimal scopes per environment

  • Webhook signatures validated

  • Audit logging enabled

Audit Logging

interface AuditEntry { timestamp: Date; action: string; userId: string; resource: string; result: 'success' | 'failure'; metadata?: Record<string, any>; }

async function auditLog(entry: Omit<AuditEntry, 'timestamp'>): Promise<void> { const log: AuditEntry = { ...entry, timestamp: new Date() };

// Log to Fireflies.ai analytics await firefliesClient.track('audit', log);

// Also log locally for compliance console.log('[AUDIT]', JSON.stringify(log)); }

// Usage await auditLog({ action: 'fireflies.api.call', userId: currentUser.id, resource: '/v1/resource', result: 'success', });

Resources

  • Fireflies.ai Security Guide

  • Fireflies.ai API Scopes

Next Steps

For production deployment, see fireflies-prod-checklist .

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

xss-vulnerability-scanner

No summary provided by upstream source.

Repository SourceNeeds Review
44-jeremylongshore
Security

cookie-security-analyzer

No summary provided by upstream source.

Repository SourceNeeds Review
41-jeremylongshore
Security

session-security-checker

No summary provided by upstream source.

Repository SourceNeeds Review
41-jeremylongshore
Security

hipaa-audit-helper

No summary provided by upstream source.

Repository SourceNeeds Review
38-jeremylongshore