Python-dotenv (Keep your secrets safe)

#python #flask #programming #security

Is the security of your website / app threatened? Do you know how to keep your secrets safe during develepoment and production stage? In this article, i am going to guide you on how to work with SECRETS and KEYS without exposing them to the outside world, and keep them safe during development too!

Python-dotenv is a Python module that allows you to specify environment variables in traditional UNIX-like “.env” (dot-env) file within your Python project directory. Read more from their official documentation

Environment variables is the set of key-value pairs for the current user environment. They are generally set by the operating system and the current user-specific configurations.

Python-dotenv helps us work with SECRETS and KEYS without exposing them to the outside world, and keep them safe during development too

Also, it helps in the development of applications following the 12-factor app principles.

Installation

#Create a new virtual environment
python3 -m venv venv
#activate
source venv/bin/activate
#install
pip install python-dotenv

Using the python-dotenv module

Create a .env file
First, you need to create a new .env file, and then load the name and value of the variables as a key-value pairs:
```
#.env file
ID = "12345689"
SECRET_KEY = "gsabijwjnciiwbjksa"
```

Create app.py file ,Import and Call python-dotenv

# app.py
## importing the load_dotenv from the python-dotenv module
from dotenv import load_dotenv

load_dotenv()

Access the Environment Variables

from dotenv import load_dotenv
import os #provides ways to access the Operating System and allows us to read the environment variables

load_dotenv()

my_id = os.getenv("ID")
my_secret_key = os.getenv("SECRET_KEY")

def myEnvironment():
    print(f'My id is: {my_id}.')
    print(f'My secret key is: {my_secret_key}.')

if __name__ == "__main__":
    myEnvironment()

Output
ID = "12345689" SECRET_KEY = "gsabijwjnciiwbjksa"

KEY-NOTE: A large number of security vulnerabilities can be resolved by taking care of leaked credentials, and the python-dotenv helps in developing a safer project environment to work with, both, during and after development as well.

Tip🖊️: In case you accidentally exposed your secret / key, do not panic because you can always generate a new key. Also, i would recommend generating new keys before deployment as a safety measure.

Be Safe. Happy coding 🎉🎉

Feel free to leave your comment or feedback below. I would love to hear your opinions.
You can also connect with me via twitter and linkedin.

Top comments (7)

P0intMaN • Feb 14 '22

The most concise and up-to-the-point explanation. Well done!

Emma Donery • May 24 '22

Thank you for your feedback @p0intman . It means a lot

Emma Donery • Feb 15 '22

Thank you for your feedback

Bhavesh Kakwani • Apr 9 '22

If only all tutorials could be this clear and to-the-point...thank you

Emma Donery • May 24 '22

Thank you for your feedback Bhavesh. It means a lot

Miron • Jun 20 '22

Sorry, but I just don't see the point. If you store your credentials in your project folder anyway, then why not just read the file? How is exposing your credentials aditionaly as environment variables for every app to read more secure?