Security: no-limit-nodes/solana-programs-data-streaming-reference

Security policy

Reporting a vulnerability

If you've found a security issue in this repo (leaked secrets, unsafe code patterns in examples), open a GitHub issue with the security label.

If you've found a vulnerability in the NoLimitNodes streaming service itself, do not open a public issue. Email security@nolimitnodes.com directly.

Not a vulnerability

  • Test API keys that appear in examples are deliberate — they are throwaway keys on capped test accounts
  • Streams contain public on-chain data; no private user data flows through these pipes
  • TLS trust relies on the system / webpki truststore, which is the expected model for a public gRPC endpoint

Hardening checklist for your own deployments

When you use this reference code in production:

  • Store NLN_API_KEY in a secrets manager (AWS Secrets Manager, Doppler, Vault, k8s Secret), never in a config file
  • Rotate API keys on a schedule (every 90 days is a reasonable default)
  • Limit the IPs or service accounts that can read the secret
  • Monitor your key's request / stream counts in the NoLimitNodes dashboard — unexpected spikes often mean a leaked key
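One way to enforce the first three checklist items at process start, as an added example that is not code from this repository: the key is taken from the environment or a mounted secret file, a file readable by group or others is refused, and a key older than 90 days produces a warning. `NLN_API_KEY_FILE`, `load_api_key`, `redact` and the use of the file's modification time as the rotation date are assumptions made for this sketch.

```python
import os
import stat
import time
from pathlib import Path

MAX_KEY_AGE_DAYS = 90  # rotation interval suggested in the checklist


class SecretError(RuntimeError):
    """Raised when the API key is missing or stored unsafely."""


def load_api_key(env=os.environ, now=None):
    """Return (key, warnings).

    The key comes from NLN_API_KEY (injected by a secrets manager) or from
    the file named by NLN_API_KEY_FILE (hypothetical variable, e.g. a
    mounted k8s Secret). It is never read from an application config file.
    """
    now = time.time() if now is None else now
    warnings = []
    key = env.get("NLN_API_KEY", "").strip()
    path = env.get("NLN_API_KEY_FILE", "")
    if not key and path:
        secret_file = Path(path)
        st = secret_file.stat()
        # Limit who can read the secret: refuse group/other access bits.
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise SecretError(f"{path} is accessible to group/other; use mode 0600")
        key = secret_file.read_text().strip()
        # Assumption: the file's mtime marks the last rotation.
        age_days = (now - st.st_mtime) / 86400
        if age_days > MAX_KEY_AGE_DAYS:
            warnings.append(f"key file is {age_days:.0f} days old; rotate it")
    if not key:
        raise SecretError("NLN_API_KEY not provided by environment or secret file")
    return key, warnings


def redact(key):
    """Form that is safe to log: only the last four characters are shown."""
    return "*" * 8 + (key[-4:] if len(key) > 8 else "")
```

Log `redact(key)` rather than the key itself, and treat a `SecretError` as fatal so the service never starts with a fallback key.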
