PostHog Security Basics

Overview

Secure PostHog API key management, least-privilege access, and secret rotation. PostHog has two key types with very different security profiles: the Project API Key (phc_...) is intentionally public and safe to include in frontend bundles, while the Personal API Key (phx_...) grants admin access and must never be exposed.

Prerequisites

PostHog account with admin access
Understanding of environment variable management
.gitignore configured

Instructions

Step 1: Understand Key Security Profiles

Key Type	Prefix	Exposure Risk	Capabilities
Project API Key	`phc_`	Low (designed to be public)	Capture events, evaluate flags, identify users

Related skills

posthog-security-basics

PostHog Security Basics

Overview

Prerequisites

Instructions

Step 1: Understand Key Security Profiles

More from jeremylongshore/claude-code-plugins-plus-skills

backtesting-trading-strategies

mindmap-generator

svg-icon-generator

performance-lighthouse-runner

tracking-crypto-prices

d2-diagram-creator