Is the security of your website / app threatened? Do you know how to keep your secrets safe during the development and production stages? In this article, I am going to guide you on how to work with SECRETS and KEYS without exposing them to the outside world, and keep them safe during development too!
Python-dotenv is a Python module that allows you to specify environment variables in a traditional UNIX-like ".env" (dot-env) file within your Python project directory. Read more from their official documentation.
Environment variables are the set of key-value pairs for the current user environment. They are generally set by the operating system and the current user-specific configurations.
Python-dotenv helps us work with SECRETS and KEYS without exposing them to the outside world, and keep them safe during development too.
Also, it helps in the development of applications following the 12-factor app principles.
Installation
#Create a new virtual environment
python3 -m venv venv
#activate
source venv/bin/activate
#install
pip install python-dotenv
Using the python-dotenv module
- Create a .env file
First, you need to create a new .env file, and then add the name and value of each variable as key-value pairs:
#.env file
ID = "12345689"
SECRET_KEY = "gsabijwjnciiwbjksa"
- Create an app.py file, then import and call python-dotenv
# app.py
## importing the load_dotenv from the python-dotenv module
from dotenv import load_dotenv
load_dotenv()
- Access the Environment Variables
from dotenv import load_dotenv
import os  # provides ways to access the Operating System and allows us to read the environment variables

load_dotenv()

my_id = os.getenv("ID")
my_secret_key = os.getenv("SECRET_KEY")

def myEnvironment():
    print(f'My id is: {my_id}.')
    print(f'My secret key is: {my_secret_key}.')

if __name__ == "__main__":
    myEnvironment()
Output
My id is: 12345689.
My secret key is: gsabijwjnciiwbjksa.
KEY-NOTE: A large number of security vulnerabilities can be resolved by taking care of leaked credentials, and python-dotenv helps in developing a safer project environment to work with, both during and after development.
Tip🖊️: In case you accidentally expose your secret / key, do not panic, because you can always generate a new key. Also, I would recommend generating new keys before deployment as a safety measure.
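A pre-flight check for the setup above, as an added example that is not part of the original article: it verifies that `.env` is covered by `.gitignore`, that the file is not readable by other local users, and that the tutorial's variables are set, and it masks the secret instead of printing it in full. It uses only the standard library and is meant to run after `load_dotenv()`; the function names and the simplified `.gitignore` matching are assumptions of this example.

```python
import fnmatch
import os
import stat
from pathlib import Path

REQUIRED = ("ID", "SECRET_KEY")  # variable names from the article's .env

def redact(value, keep=2):
    """Log-safe form of a secret: first `keep` characters, rest masked."""
    if not value:
        return "<unset>"
    if len(value) <= keep * 2:
        return "*" * len(value)  # too short to reveal any prefix
    return value[:keep] + "*" * (len(value) - keep)

def is_gitignored(project_dir, name=".env"):
    """Simplified .gitignore matching (assumption): last matching pattern wins."""
    gitignore = Path(project_dir) / ".gitignore"
    if not gitignore.is_file():
        return False
    ignored = False
    for line in gitignore.read_text().splitlines():
        pattern = line.strip()
        if not pattern or pattern.startswith("#"):
            continue
        negated = pattern.startswith("!")  # "!.env" re-includes the file
        if fnmatch.fnmatch(name, pattern.lstrip("!").strip("/")):
            ignored = not negated
    return ignored

def audit_env(project_dir, env=None, required=REQUIRED):
    """Return a list of findings; an empty list means every check passed."""
    env = os.environ if env is None else env
    findings = []
    dotenv_path = Path(project_dir) / ".env"
    if dotenv_path.is_file():
        if not is_gitignored(project_dir):
            findings.append(".env is not covered by .gitignore")
        # POSIX only: group/other permission bits expose the file to other users
        if os.name == "posix" and stat.S_IMODE(dotenv_path.stat().st_mode) & 0o077:
            findings.append(".env is accessible to group/other (chmod 600 .env)")
    for key in required:
        if not env.get(key):
            findings.append(f"required variable {key} is missing or empty")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_env(".")) or "no findings")
    print("SECRET_KEY =", redact(os.getenv("SECRET_KEY")))
```

Running it as a pre-commit or CI step catches a tracked `.env` before the credentials reach the repository history.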
Be Safe. Happy coding 🎉🎉
Feel free to leave your comment or feedback below. I would love to hear your opinions.
You can also connect with me via Twitter and LinkedIn.
Top comments (7)
The most concise and up-to-the-point explanation. Well done!
Thank you for your feedback @p0intman. It means a lot
Thank you for your feedback
If only all tutorials could be this clear and to-the-point...thank you
Thank you for your feedback Bhavesh. It means a lot
Sorry, but I just don't see the point. If you store your credentials in your project folder anyway, then why not just read the file? How is exposing your credentials additionally as environment variables for every app to read more secure?
Thanks a lot for the great article! :D