Apply Fireflies.ai security best practices for secrets and access control.
Use when securing API keys, implementing least privilege access,
or auditing Fireflies.ai security configuration.
Trigger with phrases like "fireflies security", "fireflies secrets",
"secure fireflies", "fireflies API key security".
#!/bin/bash
# .git/hooks/pre-commit
if git diff --cached --name-only | xargs grep -l 'FIREFLIES_API_KEY\s*=' 2>/dev/null; then
echo "ERROR: Potential API key in commit. Remove before committing."
exit 1
fi
Fireflies supports these privacy levels via updateMeetingPrivacy:
Level
Access
owner
Only meeting organizer
participants
Only meeting participants
teammatesandparticipants
Workspace members + participants
teammates
All workspace members
link
Anyone with the link
// Lock a transcript to participants only
await firefliesQuery(`
mutation($id: String!, $privacy: String!) {
updateMeetingPrivacy(transcript_id: $id, privacy_level: $privacy)
}
`, { id: "transcript-id", privacy: "participants" });
Step 6: API Key Rotation
set -euo pipefail
# 1. Generate new key in Fireflies dashboard (Integrations > Fireflies API)
# 2. Test new key
curl -s -X POST https://api.fireflies.ai/graphql \
-H "Authorization: Bearer $NEW_KEY" \
-H "Content-Type: application/json" \
-d '{"query": "{ user { email } }"}' | jq '.data.user.email'
# 3. Update environment/secret store
# 4. Verify production
# 5. Old key is automatically invalidated when new one is generated
Security Checklist
API key in environment variables, not code
.env files in .gitignore
Webhook signatures verified with HMAC-SHA256
Webhook secret is 16-32 characters
Transcript privacy set to participants or stricter