speak-security-basics
Security best practices for Speak API keys, audio data privacy, student data protection, and COPPA/FERPA compliance. Use when implementing security basics or troubleshooting Speak language learning integration issues. Trigger with phrases like "speak security basics".
Provided by Plugin
speak-pack
Claude Code skill pack for Speak AI Language Learning Platform (24 skills)
Installation
This skill is included in the speak-pack plugin:
/plugin install speak-pack@claude-code-plugins-plus
Instructions
Speak Security Basics
Overview
Security best practices for Speak API keys, audio data privacy, student data protection, and COPPA/FERPA compliance.
Prerequisites
- Completed speak-install-auth setup
- Valid API credentials configured
- ffmpeg installed for audio processing
Instructions
API Key Security
```bash
# Never commit API keys
echo '.env' >> .gitignore
echo '.env.local' >> .gitignore
# Use secrets manager in production
export SPEAK_API_KEY="$(aws secretsmanager get-secret-value --secret-id speak/api-key --query SecretString --output text)"
```
Audio Data Privacy
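```typescript
import * as fs from "node:fs";

// Minimal shape of the Speak client as used here (only the call shown on this page)
interface SpeakClient {
  assessPronunciation(req: { audioPath: string; targetText: string; language: string }): Promise<unknown>;
}

// Speak processes audio on their servers — do NOT store student audio locally
// unless required by your application
class PrivacyAwareClient {
  constructor(private readonly client: SpeakClient) {}

  async assessAndClean(audioPath: string, targetText: string, language: string) {
    try {
      const result = await this.client.assessPronunciation({
        audioPath, targetText, language,
      });
      return result;
    } finally {
      // Delete local audio file after assessment, even if the call failed.
      // force: true avoids throwing (and masking the original error) when the file is already gone.
      fs.rmSync(audioPath, { force: true });
    }
  }
}
```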
Student Data Protection
- Never log student audio recordings
- Redact student names from API logs
- Store assessment scores, not raw audio
- Implement data retention policies (delete after N days)
- COPPA compliance for students under 13: parental consent required
- FERPA compliance for educational institutions: student data agreements
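One way to apply the logging rules above, as an added example (not code from the Speak SDK or this plugin): a scrubber that every log record passes through before it is written. Field names such as `studentId`, `studentName`, `audioPath` and `apiKey`, the `studentRef` output field and the `stu_` prefix are assumptions for illustration.

```typescript
import { createHmac } from "node:crypto";

// Assumed field names for this example; they are not part of the Speak API.
const DROP_FIELDS = new Set(["studentName", "email", "audioPath", "audioBase64"]);
const SECRET_FIELDS = new Set(["apiKey", "authorization"]);

// Keyed pseudonym: stable per student so audit logs stay correlatable, but not
// reversible without the key (store that key in the secrets manager).
function pseudonym(studentId: string, key: string): string {
  const mac = createHmac("sha256", key).update(studentId).digest("hex");
  return "stu_" + mac.slice(0, 16);
}

// Returns a copy that is safe to log: PII and audio fields dropped, credentials
// masked, studentId replaced by studentRef. Recurses into objects and arrays.
function redactForLog(value: unknown, key: string): unknown {
  if (Array.isArray(value)) return value.map((v) => redactForLog(v, key));
  if (value === null || typeof value !== "object") return value;
  const out: Record<string, unknown> = {};
  for (const [field, v] of Object.entries(value as Record<string, unknown>)) {
    if (DROP_FIELDS.has(field)) continue;
    if (SECRET_FIELDS.has(field)) out[field] = "[REDACTED]";
    else if (field === "studentId" && typeof v === "string") out["studentRef"] = pseudonym(v, key);
    else out[field] = redactForLog(v, key);
  }
  return out;
}

// Constructed sample record and key (not real data).
const SAMPLE_KEY = "constructed-demo-key";
const sample = {
  event: "pronunciation_assessed",
  studentId: "s-1042",
  studentName: "Jane Example",
  apiKey: "sk_constructed_example",
  request: { audioPath: "/tmp/rec-1042.wav", language: "es", targetText: "hola" },
  score: 87,
};
console.log(JSON.stringify(redactForLog(sample, SAMPLE_KEY)));
```

The assessment score and event name survive, so the record still serves the audit log in the checklist while carrying no name, audio path or credential.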
Security Checklist
- [ ] API keys in secrets manager, not code
- [ ] Audio files deleted after processing
- [ ] Student PII not logged
- [ ] HTTPS enforced for all API calls
- [ ] Rate limiting prevents abuse
- [ ] Access logs maintained for audit
Output
- Basics implementation complete
- Speak API integration verified
- Production-ready patterns applied
Error Handling
| Error | Cause | Solution |
|---|---|---|
| 401 Unauthorized | Invalid API key | Verify SPEAK_API_KEY environment variable |
| 429 Rate Limited | Too many requests | Wait Retry-After seconds, use backoff |
| Audio format error | Wrong codec/sample rate | Convert to WAV 16kHz mono with ffmpeg |
| Session expired | Timeout after 30 min | Start a new conversation session |
Next Steps
See speak-prod-checklist for production readiness.
Examples
Basic: Apply security basics with default configuration for a standard Speak integration.
Advanced: Customize for production with error recovery, monitoring, and team-specific requirements.