A guide to properly managing API keys and environment variables in Python projects
Introduction
When working with APIs in Python, you often need to use API keys or other sensitive credentials. It's crucial to manage these keys securely to avoid leaking sensitive information or accidentally committing them to your Git repository.
For a complete demonstration, check out my GitHub repository Secure-API-Key-Handling. It features a Streamlit chat app that securely manages API keys using .env files and the python-dotenv package while interacting with the Gemini Generative AI model.
Getting Started
Follow these steps to set up your project for secure API key handling:
1. Install Dependencies
You'll need the python-dotenv package to load environment variables from a .env file.
pip install python-dotenv
2. Set Up a .env File
Create a .env file in your project root, where you'll store your API key and other environment-specific variables:
# .env
API_KEY=your_api_key_here
Important: This .env file should never be committed to your repository. We'll configure .gitignore to ensure that.
3. Add .env to .gitignore
Add the following line to your .gitignore file to ensure that .env doesn't get pushed to Git:
# .gitignore
.env
4. Provide a .env.example File
For other developers working on your project, include a .env.example file as a template:
# .env.example
API_KEY=your_api_key_here
This file will not contain sensitive data, but it gives an example of the variables required to run the project. Other developers can copy this file to .env and add their own credentials.
cp .env.example .env
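To show the loading step the setup above relies on, here is an added example that is not from the original post or the Secure-API-Key-Handling repository. It uses only the standard library: a small loader that stands in for python-dotenv's `load_dotenv()`, a fail-fast lookup for the required key, and a redaction helper so the key never lands in log output. The sample .env contents, the key value and the helper names (`load_env_file`, `get_required_secret`, `redact`, `demo`) are constructed for this demo; in a real project replace `load_env_file` with `from dotenv import load_dotenv; load_dotenv()`, which has the same default of not overriding variables that are already present in the environment.

```python
"""Fail-fast loading of an API key from a .env file (added example)."""
import os
import tempfile
from pathlib import Path

# Constructed sample .env contents, mirroring the layout used in the guide.
SAMPLE_DOTENV = """# .env
API_KEY=sk-constructed-example-key-0001
DEBUG=false
"""


def load_env_file(path: Path, override: bool = False) -> dict:
    """Parse KEY=VALUE lines and export them to os.environ.

    Minimal stand-in for python-dotenv's load_dotenv(path, override=False):
    blank lines and '#' comments are skipped, and by default a variable that
    is already set in the real environment wins over the file, so a CI secret
    or shell export is never silently replaced by a stale .env value.
    """
    loaded = {}
    for raw in path.read_text(encoding="utf-8").splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key, value = key.strip(), value.strip().strip("'\"")
        if not override and key in os.environ:
            continue
        os.environ[key] = value
        loaded[key] = value
    return loaded


def get_required_secret(name: str) -> str:
    """Return the secret or raise: a missing key should fail at startup,
    not surface later as a confusing HTTP 401 deep inside a request."""
    value = os.environ.get(name)
    if not value:
        raise RuntimeError(
            f"{name} is not set; copy .env.example to .env and fill it in"
        )
    return value


def redact(secret: str, keep: int = 4) -> str:
    """Mask a secret for logs: show only the last few characters."""
    if len(secret) <= keep:
        return "*" * len(secret)
    return "*" * (len(secret) - keep) + secret[-keep:]


def demo() -> dict:
    """Write the constructed .env to a temp dir, load it, and fetch the key."""
    with tempfile.TemporaryDirectory() as tmp:
        env_path = Path(tmp) / ".env"
        env_path.write_text(SAMPLE_DOTENV, encoding="utf-8")
        os.environ.pop("API_KEY", None)  # clean slate for the demo
        os.environ["DEBUG"] = "true"     # pretend the shell already exported DEBUG
        loaded = load_env_file(env_path)  # DEBUG from the file is NOT applied
        api_key = get_required_secret("API_KEY")
        return {
            "loaded": loaded,
            "api_key": api_key,
            "debug": os.environ["DEBUG"],
            "log_form": redact(api_key),
        }


if __name__ == "__main__":
    result = demo()
    print("Loaded", list(result["loaded"]), "-> API_KEY =", result["log_form"])
```

Run the file directly to see the loaded variable names and the redacted key; note that `DEBUG` stays `true` because the real environment takes precedence over the file, which is also what python-dotenv does unless you pass `override=True`.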
Common Mistakes to Avoid
- Hardcoding API Keys: Never hardcode sensitive information directly in your Python code.
# BAD EXAMPLE: Never do this
api_key = "hardcoded_api_key"
- Committing .env files: Ensure that .env is always included in .gitignore to avoid accidentally pushing it to version control.
- Pushing Virtual Environments: Always exclude virtual environments (like venv) from Git:
# .gitignore
venv/