Public Deployment Guide - Character Forge
Your Space is Now SECURE for Public Use!
Space URL: https://huggingface.co/spaces/ghmk/character_forge
Security Configuration (Option 1 - Public, User Keys)
What You Did Right:
- Deployed to HuggingFace Spaces
- Chose public visibility
- Did NOT add GEMINI_API_KEY to Repository Secrets
What This Means:
- Your cost: $0 (users provide their own API keys)
- Security: Each user's API key stays in THEIR session only
- Scalability: Unlimited users, zero risk to you
- Privacy: Users control their own data
What NOT to Do
❌ DON'T Add This to HuggingFace Secrets:
Settings → Repository Secrets:
DO NOT ADD:
Name: GEMINI_API_KEY
Value: [your key]
❌ This would make ALL users use YOUR key!
❌ You would pay for everyone's usage!
❌ Your costs could be unlimited!
How It Works for Users
User Experience:
1. User visits your Space → https://huggingface.co/spaces/ghmk/character_forge
2. They see a warning banner → "⚠️ API Key Required"
3. They click the link to get a free key → https://aistudio.google.com/app/apikey
4. They enter their key in the sidebar → Their key is stored in THEIR session only
5. They start generating → Using their own API quota → You pay nothing!
Privacy Guarantees
Session Isolation:
User A's Browser
↓
Session A (API Key: abc123)
↓
Isolated

User B's Browser
↓
Session B (API Key: xyz789)
↓
Isolated

✅ Keys NEVER cross sessions
✅ Users can't see each other's keys
✅ No sharing, no logging, no storage
How We Know It's Secure:
Code Evidence:
# File: character_forge_image/app.py, Line 40-41
if 'gemini_api_key' not in st.session_state:
    st.session_state.gemini_api_key = Settings.get_gemini_api_key()
Streamlit Guarantee:
- st.session_state is per-connection
- Each browser tab = new session
- Sessions isolated by Streamlit framework
- Documented: https://docs.streamlit.io/library/api-reference/session-state
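The seeding pattern quoted above, modelled as an added example (not code from the Character Forge repository): plain dicts stand in for each visitor's st.session_state, and default_key is a hypothetical stand-in for Settings.get_gemini_api_key(), assumed here to read GEMINI_API_KEY from the environment. It shows why that secret must stay unset on a public Space, and how a public-mode guard keeps every session empty until the visitor enters a key.

```python
ENV_VAR = "GEMINI_API_KEY"  # secret name the guide says not to add


def default_key(environ, public_mode):
    """Hypothetical stand-in for Settings.get_gemini_api_key().

    Assumption: the real method reads GEMINI_API_KEY from the environment.
    In public mode the owner's key is never handed to a visitor.
    """
    if public_mode:
        return None
    return environ.get(ENV_VAR) or None


def init_session(session_state, environ, public_mode=True):
    """Seed a session the way app.py does: only when no key is present yet."""
    if "gemini_api_key" not in session_state:
        session_state["gemini_api_key"] = default_key(environ, public_mode)
    return session_state


def preflight(environ):
    """Problems a public Space should report at startup."""
    if environ.get(ENV_VAR):
        return [f"{ENV_VAR} is set: new sessions would start with the owner's key"]
    return []


def demo():
    # Constructed values; plain dicts stand in for per-session st.session_state.
    env_with_secret = {ENV_VAR: "AIza-OWNER-constructed"}
    # Unguarded seeding: both visitors inherit the owner's key.
    a = init_session({}, env_with_secret, public_mode=False)
    b = init_session({}, env_with_secret, public_mode=False)
    shared = a["gemini_api_key"] == b["gemini_api_key"] == "AIza-OWNER-constructed"
    # Guarded seeding: sessions start empty, and A's own key stays in A.
    a = init_session({}, env_with_secret)
    b = init_session({}, env_with_secret)
    a["gemini_api_key"] = "AIza-USER-A-constructed"
    init_session(a, env_with_secret)  # a rerun must not overwrite A's key
    return shared, a["gemini_api_key"], b["gemini_api_key"], preflight(env_with_secret)


if __name__ == "__main__":
    print(demo())
```

Running preflight against os.environ at app startup turns the "no GEMINI_API_KEY in Repository Secrets" checklist item into a check the app performs itself.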
Cost Analysis
Public Space, User Keys (Your Current Setup):
| Metric | Your Cost | User Cost |
|---|---|---|
| Hosting | $0 (HF Free CPU) | - |
| API Usage | $0 | Their own key |
| Bandwidth | $0 (HF included) | - |
| TOTAL | $0/month | ~$0.03/image |
Alternative (NOT Recommended):
| Metric | Your Cost | User Cost |
|---|---|---|
| Hosting | $0 (HF Free CPU) | - |
| API Usage | UNLIMITED | $0 |
| Abuse Risk | HIGH | - |
| TOTAL | $???,??? | $0 |
Your choice = SMART!
User Instructions to Share
Copy this and share with your users:
How to Use Character Forge (For Users):
1. Visit the Space: https://huggingface.co/spaces/ghmk/character_forge
2. Get a FREE Gemini API Key
   - Go to https://aistudio.google.com/app/apikey
   - Click "Create API Key"
   - Copy the key (starts with AIza...)
3. Enter Your Key
   - Look at the sidebar in Character Forge
   - Find "Gemini API Key" field
   - Paste your key
   - It's saved in YOUR session only (not shared!)
4. Start Generating!
   - Character Forge: Turn 1 image → complete character sheet
   - Composition Assistant: Combine multiple images
   - Standard Interface: Text/image to image
Cost: FREE tier (15 req/min, 1500/day) or ~$0.03/image
Maintenance
What to Monitor:
HuggingFace Space Status:
- Check: https://huggingface.co/spaces/ghmk/character_forge
- Should show: "Running" with green indicator
- Build logs: Check for errors
What You DON'T Need to Monitor:
- ❌ API costs (users pay their own)
- ❌ Usage limits (each user has their own)
- ❌ Abuse (users can only use their own keys)
Updates:
When you want to update the app:
cd D:/hu/character_forge
# Make your changes
git add .
git commit -m "Your update message"
git push origin main
HuggingFace will automatically rebuild and redeploy!
Troubleshooting
"App is loading forever"
- Check build logs on HuggingFace
- Likely: Dockerfile or dependency issue
- Solution: Check logs, fix error, push update
"Invalid API Key" error
- User's problem, not yours!
- Their key is wrong/expired
- They need to get a new key from Google
"App crashed"
- Check HuggingFace Space logs
- Restart the Space if needed
- Most crashes = user input issues (handled gracefully)
Verification Checklist
Confirm your setup is secure:
- Space is public ✅
- NO GEMINI_API_KEY in Repository Secrets ✅
- Users see warning banner when no key entered ✅
- Users can enter their own key in sidebar ✅
- Generated images work when user provides key ✅
- App shows helpful link to get API key ✅
- SECURITY.md file committed ✅
- README.md updated with security info ✅
All checked? You're ready!
Support
For You (Space Owner):
- Security issues: gk@ghmk.de
- HuggingFace issues: https://huggingface.co/support
For Users:
- Usage questions: Comment on your HuggingFace Space
- API key issues: https://aistudio.google.com/
- Bug reports: Your Space's discussion tab
Success Metrics
Your deployment is successful when:
✅ Space is publicly accessible
✅ Users can get their own API keys
✅ Users can generate images
✅ Your costs remain $0
✅ No security incidents
✅ Happy users generating character sheets!
Current Status: DEPLOYED & SECURE
Cost: $0/month
Risk: None (users provide own keys)
Next: Share your Space URL and enjoy!