
Handling Passwords and Secret Keys using Environment Variables


The simplest way, and the wrong way, to handle passwords and secret keys is to hardcode them in our code. When you push the code to the repository, you are sharing your secrets with everybody else in your project. Even if you are working alone, it can cause problems, as anyone who sees your code will also have access to your secret information.


Keep them in environment variables

The safest way to handle your secret keys and passwords is to save them in environment variables. In this post we will learn how to save important credentials in environment variables and access them in a Python script.


Linux

To set a password or secret key in an environment variable on Linux (and Mac), you need to modify the .bash_profile file in your home directory. Open the terminal and cd to the home directory.

$ cd 

Now, open the .bash_profile file in any text editor of your choice.

$ nano .bash_profile 

We need to add our environment variables to this file. To do that, add the following content at the top of the file.

export USER="username" 
export PASSWORD="password" 

Note: There should not be any whitespace on either side of the = sign.


Save the file in nano by pressing Ctrl + X and then Y. Now, use the following command to apply the changes.

$ source .bash_profile 

Using a separate .env file

The above-mentioned method saves the secret credentials system-wide, which may not be a good idea if you have multiple applications.

The solution is to store the secrets in a separate .env file.

A dotenv file is a plain-text file with one environment variable assignment per line.

Create a .env file in your project and add your secret keys or passwords:

USER=username 
PASSWORD=password 

Important: Make sure to add the .env file to your .gitignore file.


Now, you need to install the python-dotenv package. python-dotenv is a Python package that lets your Python app read a .env file. This package will search for a .env file and, if it finds one, will expose the variables in it to the app.

$ pip install -U python-dotenv

Windows

To save passwords and secret keys in environment variables on Windows, you will need to open Advanced System Settings.

You can navigate to Control Panel > System and Security > System > Advanced system settings.

Now, in Advanced System Settings, click on Environment Variables.

Here we can add new user variables and new system variables. We will add a user variable by clicking New under user variables.

In the new window, add the Variable name and Variable value and click OK. Now, click OK on the Environment Variables window to save the changes.


Access the environment variables

To access these variables in our Python script, we need to import the os module. We can then read a variable by calling the os.environ.get() method and passing the key we want to access.

If you are using the python-dotenv method, you need to add a couple of lines at the start of your application:

from dotenv import load_dotenv
load_dotenv()

In the case of a Django project, you should add the above lines at the top of the wsgi.py and manage.py files.

from dotenv import load_dotenv   # for python-dotenv method
load_dotenv()                    # for python-dotenv method

import os

# Names are case-sensitive on Linux and Mac, so use the exact names that were exported.
user_name = os.environ.get('USER')
password = os.environ.get('PASSWORD')

print(user_name, password)

# output
username password
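
An added example (not code from the original post, and not python-dotenv's own implementation): a simplified stand-in for the load and lookup steps above, showing two pitfalls with the names used in this post. On Linux and Mac the login shell already exports USER, so a loader that does not override existing variables (python-dotenv's default, override=False) leaves the .env value unused, and a missing or mis-cased name should stop the program instead of returning None. The functions parse_dotenv, load_env, require and mask and all sample values are hypothetical and constructed for illustration.

```python
def parse_dotenv(text):
    """Parse KEY=value lines (one assignment per line); skip blanks and # comments."""
    pairs = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        pairs[key.strip()] = value.strip().strip("'\"")
    return pairs

def load_env(text, environ, override=False):
    """Copy parsed pairs into environ; existing variables win unless override=True."""
    skipped = []
    for key, value in parse_dotenv(text).items():
        if key in environ and not override:
            skipped.append(key)  # report the collision instead of hiding it
        else:
            environ[key] = value
    return skipped

def require(environ, name):
    """Fail fast instead of letting a None credential reach a login call."""
    value = environ.get(name)
    if not value:
        raise KeyError(f"required environment variable {name!r} is not set")
    return value

def mask(secret):
    """Safe form for logs: the length only, never the value."""
    return f"<{len(secret)} chars>"

# Constructed sample data, not from the original page.
SAMPLE_DOTENV = "USER=username\nPASSWORD=password\n"
SAMPLE_ENVIRON = {"USER": "alice", "HOME": "/home/alice"}  # already exported by the shell

def demo():
    env = dict(SAMPLE_ENVIRON)
    skipped = load_env(SAMPLE_DOTENV, env)  # USER collides with the shell's value
    return skipped, require(env, "USER"), mask(require(env, "PASSWORD"))

if __name__ == "__main__":
    print(demo())
    try:
        require(dict(SAMPLE_ENVIRON), "password")  # wrong case: no such variable
    except KeyError as exc:
        print("refused:", exc)
```

Choosing application-specific names (for example a prefix such as APP_) avoids the collision with variables the shell already sets.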




Source: Medium


The Tech Platform
