Hide API keys in Python scripts using python-dotenv, .env, and .gitignore
ฝัง
- เผยแพร่เมื่อ 6 ก.ย. 2024
- Sometimes you want to make your code public, but don't want to share an API key, email address, or password with the world. Using a combination of python-dotenv and a .gitignore file, you'll be good to go!
Note: If you're using Jupyter Notebooks, make sure you're not printing your API keys all over the place!! (and also: your .env file will need to be in the same directory as your .ipynb)
repo: github.com/jso...
python-dotenv: github.com/the...
gitignore: gitignore.io/
Wow, this is one of the best tutorials I have seen. Explained everything so well, now there is no need to search for any other tutorial on this topic. Thank you.
totally agreed
Thank you for posting this. It really helped with understanding how to use the dotenv module to hide my API keys. I especially liked the tip on creating the content for gitignore file.
I was having issues with conflicting instructions until I found your video. Thank you! Great content, great presentation
You're welcome!
Thanks a lot for your explanation, I used this video to configure .env with java
Most simple explanation ever, I've struggled with this lol thank you
When I deploy my app to a server(heroku for example) from GitHub - it does not have env file(obviously). But how do I set it up so that my app works?
Always found the config files and .env file scary, but after seeing your video it seems so easy to work with and super logical too!
Finally, best ever explanation about how to use python-dotenv. You made my life easier, Bro! Thank You so much for this video.
When you have liked this video and still revisit a year later.
very clear and intuitive instead of just throwing jargons!
One of the.... no No only one clearest explanation!! Thank you very much!
Great video Jonathan, this helped alot. I was stuck in the weeds for a bit.
Great! I was struggling to hide credentials of a SQL database and your video helped me get it done.
Thankyou!!
Perfect explanation, with a pinch of satire!
Glad I came across this tutorial of yours! Very helpful!
Best tutorial I have seen on this topic. Good job brother.
This was an awesome, clear tutorial and exactly what I needed! Thanks so much!
Clean and excellent explanation. Thanks a million, Jonathan Soma!
This was the best tutorial for me to understand how to use dotenv in python!! tysm
thank you for making this was the key to success
Clear and straight to the point! Thank you!
Amazing tutorial. Cannot wait to learn more stuff from you!!!
Great video! You showed us how to read a .env variable into a python module. Next would be how do I set or write to or update a .env variable from my python module? This is something I have to do with refresh tokens. I have to read the last refresh token from the .env file, get a new refresh token back, and save the new refresh token back into the .env variable. Hopefully that make sense! It would be amazing to know how to do that!
Wonderful tutorial, very clear and precise! Thank you a lot!
Indeed, what a great tutorial. Covers all my questions.
Loved it, Clear and just to the point, very well explained! Keep up the good work :)
Exactly what i needed, thanks
if I am deploying a django project and in the settings.py file I added dotenv but when I deploy it on pythonanywhere it shows error while running wsgi application dotenv module not found
Helpful and thorough. Thanks!
Thanks - really well explained. Super simple when it is explained as well you did!
That was the complete tutorial, thanks for it.
many thanks, it is what I'm looking for
when i try to print the variable it prints me none. Im using a virtual env if its somehow related
Thanks, Well Explained! 15 minutes well spent, got to learn a lot:)
Where do you save the .env file so that it can be found by the Python os.getenv() method?
Phenomenal tutorial!
Perfectly explained. Thanks.
Awesome, You have clearly explained it.
One thing that's still in my brain: if we don't actually send the file, how can the server recover it?
I love your way of storing data . But what will you do if you want to store a Python list as environment variable outside the code?
Bit old by now but you could store it as:
1. JSON string
2. Regular string which you parse
In any case, you can always resort to base64 in case of strange annoying characters
Thanks for your explanation, set me interested in and was like really useful to know!
Very complete! Thanks for sharing! :)
Please help me with my problem
When i used .env without .gitignore it worked and bot started running
But when i posted .gitignore file it not displayed the .env in repo all fine,
But when i deployed it in heroku
The bot is not working
Hey, great video! I've always had the doubt, what if build a web app and deploy it using Heroku or something. If my app connects to a cloud server like Firebase with a password and I have that in my gitignore file, will people be able to use my web app? Or will my app not be able to find that password?
Thank you for such an excellent tutorial!
Thanks a lot, finally it becomes clear to me
Thanks! relaxing tutorial
Best one so far. :)
Very informative. Thank you!
Thank you Sir! Subscribed!
Hey great Video but I got a question,
I am currently using a .env to hide my mySQL connection data inside of my python script, and when using nuitka this .env is not hidden and instead its shown in the path of the exe. Is there a way to fix it, or do you maybe know a alternative I can do to hide my mySQL connection data like the password? Or is nuitka so safe that people cant get my sourcecode at all?
is it possible to make a .env file that requires a password to open? I have a python script I need to share with my team but I am not uploading it to git just sending them over the folder to run when they need.
thank you this was very helpful. What about for virtual machines, would I just be able to create a .env file right on my VM and pull the secure info from there?
great explanation !
Explained well man! 👏🏻
Thanks great and really helpful video.
Nice explanation, Appreciate it.
Thank you bro was super useful
Very helpful video - thanks
Thanks for explanation. Now i know....
Any chance you do blockchain programming :)? This was really a great tutorial on something simple but obscure but important haha.
Is it safe when you use it in locally only right just running in your local system? Is it safe in Pycharm only?
Hello Sir, could you help me? I'm getting an error saying that it's a syntax error
I uninstalled and reinstalled python-dotenv
LMFAO - "Sometimes when your programming you have code or little bits and pieces that you dont want to share with the entire world - and I'm not just talking about you being embarrassed about your programming"
very thorough thanks!
Sorry, could you please explain, what is the benefit of this comparing to just saving them in a separate .py file that I can then add to gitignore?
That's perfectly fine, too! I think this is just one of the more common techniques, maybe because people are used to putting .env files into gitignore as opposed to other files? Either way is okay!
Just create a json file with ur data then load it in the script, no need to install any python libs
ah yes that can be done too. But I feel it boils down to personal preference.
Wow! I used to commit my codes with my API keys without bothering as I developed stuff for my firm. Seems I would need to improve upon my practices and hold up some standards.
y si hay una persona que sabe de este método y consulta .env no le aparecen las claves??
very helpful tutorials
Thank you!!!
But what about if i want to share my python desktop app with a friend, how to keep my credentials secret?
Unfortunately I don't think there's a good method for that situation. You either need to trust your friend with your credentials or allow them to input their own keys!
@@jsoma my app gives the user the possibility to store some data in a mysql db and he w'ill receive a confirmation by email. I struggle with the way i should hude the sensitive information related to connexion to the db and the SMTP ones
@@khalidhassani6173 hmmm. I think you'd want to have your desktop app call to a web service you control, and then the web service you control talks to the smtp service. maybe they register so you can track them and allow them to send, etc. That will be a real pain since it's a whole separate service to run beyond just your app, but I really can't think of a better route.
@@jsoma thanks for the help, i should put some effort in this subject, learning is a long path full of thorns
Thank you
Lovely video
Bless you bro