On my last weekend project I needed to talk to an API using an AUTH_KEY which should be private but should be included in the request instead of using any auth method.
The request I needed to run was:
requests.get('https://<URL>/<SOMETHING>/<SOMETHING_ELSE>.json/?auth_key=YOUR_AUTH_KEY')
So I decided to use pyyaml, and it's very easy to use! Here's a short example of the python file
import json
import yaml
file = open('config.yml', 'r')
cfg = yaml.load(file, Loader=yaml.FullLoader)
url = 'https://<URL>/<SOMETHING>/<SOMETHING_ELSE>.json/?auth_key=' + cfg['auth']['key']
request = requests.get(url)
# then, everything else
Then, the config.yml is something like this:
auth:
key: MY_AUTH_KEY
And not I can have my config.yml stored only in my laptop or, even better, in some secret place like a vault or something but not publicly accessible to anybody in GitHub.
Enjoy.
Top comments (8)
Thanks for sharing this.
How does this compare to saving the key under environment settings and accessing it via os.environ.get() ?
Am just wondering if it's more secure ?
Thanks
that env vars can be seen (and (personal opinion) I think it's more structured)
noyaml.com
That's true though some of it can be avoided via safe load.
Even if everything works perfectly,
YAML parsers tend to be big bulky and slow compared to parsers of simpler formats,
you can even use CSON if you dont want brackets and semicolons, etc
and still more simpler than YAML to parse.
Pydantic has a nice BaseSetting module that works with environment variables that I would recommend. Combo that with python-dotenv for file based loading.
Why full loader?
Could you add an example of
where we can avoid leaking secrets into git ?