Hide API keys in Python scripts using python-dotenv, .env, and .gitignore
Ғылым және технология
Sometimes you want to make your code public, but don't want to share an API key, email address, or password with the world. Using a combination of python-dotenv and a .gitignore file, you'll be good to go!
Note: If you're using Jupyter Notebooks, make sure you're not printing your API keys all over the place!! (and also: your .env file will need to be in the same directory as your .ipynb)
repo: github.com/jsoma/dotenv-example
python-dotenv: github.com/theskumar/python-d...
gitignore: gitignore.io/
Пікірлер: 83
Always found the config files and .env file scary, but after seeing your video it seems so easy to work with and super logical too!
Most simple explanation ever, I've struggled with this lol thank you
This was an awesome, clear tutorial and exactly what I needed! Thanks so much!
very clear and intuitive instead of just throwing jargons!
Thank you for posting this. It really helped with understanding how to use the dotenv module to hide my API keys. I especially liked the tip on creating the content for gitignore file.
One of the.... no No only one clearest explanation!! Thank you very much!
I was having issues with conflicting instructions until I found your video. Thank you! Great content, great presentation
@jsoma
2 жыл бұрын
You're welcome!
Clean and excellent explanation. Thanks a million, Jonathan Soma!
Wow, this is one of the best tutorials I have seen. Explained everything so well, now there is no need to search for any other tutorial on this topic. Thank you.
@-Anubhab
3 ай бұрын
totally agreed
Glad I came across this tutorial of yours! Very helpful!
Great! I was struggling to hide credentials of a SQL database and your video helped me get it done. Thankyou!!
Best tutorial I have seen on this topic. Good job brother.
Clear and straight to the point! Thank you!
Great video Jonathan, this helped alot. I was stuck in the weeds for a bit.
Loved it, Clear and just to the point, very well explained! Keep up the good work :)
This was the best tutorial for me to understand how to use dotenv in python!! tysm
Finally, best ever explanation about how to use python-dotenv. You made my life easier, Bro! Thank You so much for this video.
Amazing tutorial. Cannot wait to learn more stuff from you!!!
Wonderful tutorial, very clear and precise! Thank you a lot!
Indeed, what a great tutorial. Covers all my questions.
Thanks, Well Explained! 15 minutes well spent, got to learn a lot:)
Thanks - really well explained. Super simple when it is explained as well you did!
Helpful and thorough. Thanks!
Awesome, You have clearly explained it.
Thank you for such an excellent tutorial!
That was the complete tutorial, thanks for it.
thank you for making this was the key to success
Thanks a lot for your explanation, I used this video to configure .env with java
Perfectly explained. Thanks.
Very complete! Thanks for sharing! :)
Thanks for your explanation, set me interested in and was like really useful to know!
Exactly what i needed, thanks
Very informative. Thank you!
Thanks a lot, finally it becomes clear to me
many thanks, it is what I'm looking for
Phenomenal tutorial!
Thanks! relaxing tutorial
Nice explanation, Appreciate it.
Thank you Sir! Subscribed!
Perfect explanation, with a pinch of satire!
Explained well man! 👏🏻
Thanks great and really helpful video.
Very helpful video - thanks
Best one so far. :)
Thank you bro was super useful
Great video! You showed us how to read a .env variable into a python module. Next would be how do I set or write to or update a .env variable from my python module? This is something I have to do with refresh tokens. I have to read the last refresh token from the .env file, get a new refresh token back, and save the new refresh token back into the .env variable. Hopefully that make sense! It would be amazing to know how to do that!
great explanation !
very thorough thanks!
very helpful tutorials
When you have liked this video and still revisit a year later.
Thanks for explanation. Now i know....
thank you this was very helpful. What about for virtual machines, would I just be able to create a .env file right on my VM and pull the secure info from there?
Thank you!!!
When I deploy my app to a server(heroku for example) from GitHub - it does not have env file(obviously). But how do I set it up so that my app works?
Hey, great video! I've always had the doubt, what if build a web app and deploy it using Heroku or something. If my app connects to a cloud server like Firebase with a password and I have that in my gitignore file, will people be able to use my web app? Or will my app not be able to find that password?
Is it safe when you use it in locally only right just running in your local system? Is it safe in Pycharm only?
if I am deploying a django project and in the settings.py file I added dotenv but when I deploy it on pythonanywhere it shows error while running wsgi application dotenv module not found
Where do you save the .env file so that it can be found by the Python os.getenv() method?
Any chance you do blockchain programming :)? This was really a great tutorial on something simple but obscure but important haha.
Thank you
One thing that's still in my brain: if we don't actually send the file, how can the server recover it?
I love your way of storing data . But what will you do if you want to store a Python list as environment variable outside the code?
@anibaldk
6 ай бұрын
Bit old by now but you could store it as: 1. JSON string 2. Regular string which you parse In any case, you can always resort to base64 in case of strange annoying characters
when i try to print the variable it prints me none. Im using a virtual env if its somehow related
Wow! I used to commit my codes with my API keys without bothering as I developed stuff for my firm. Seems I would need to improve upon my practices and hold up some standards.
Please help me with my problem When i used .env without .gitignore it worked and bot started running But when i posted .gitignore file it not displayed the .env in repo all fine, But when i deployed it in heroku The bot is not working
Hey great Video but I got a question, I am currently using a .env to hide my mySQL connection data inside of my python script, and when using nuitka this .env is not hidden and instead its shown in the path of the exe. Is there a way to fix it, or do you maybe know a alternative I can do to hide my mySQL connection data like the password? Or is nuitka so safe that people cant get my sourcecode at all?
Hello Sir, could you help me? I'm getting an error saying that it's a syntax error I uninstalled and reinstalled python-dotenv
is it possible to make a .env file that requires a password to open? I have a python script I need to share with my team but I am not uploading it to git just sending them over the folder to run when they need.
y si hay una persona que sabe de este método y consulta .env no le aparecen las claves??
Sorry, could you please explain, what is the benefit of this comparing to just saving them in a separate .py file that I can then add to gitignore?
@jsoma
2 жыл бұрын
That's perfectly fine, too! I think this is just one of the more common techniques, maybe because people are used to putting .env files into gitignore as opposed to other files? Either way is okay!
LMFAO - "Sometimes when your programming you have code or little bits and pieces that you dont want to share with the entire world - and I'm not just talking about you being embarrassed about your programming"
Just create a json file with ur data then load it in the script, no need to install any python libs
@alanalmeida7887
2 жыл бұрын
ah yes that can be done too. But I feel it boils down to personal preference.
But what about if i want to share my python desktop app with a friend, how to keep my credentials secret?
@jsoma
2 жыл бұрын
Unfortunately I don't think there's a good method for that situation. You either need to trust your friend with your credentials or allow them to input their own keys!
@khalidhassani6173
2 жыл бұрын
@@jsoma my app gives the user the possibility to store some data in a mysql db and he w'ill receive a confirmation by email. I struggle with the way i should hude the sensitive information related to connexion to the db and the SMTP ones
@jsoma
2 жыл бұрын
@@khalidhassani6173 hmmm. I think you'd want to have your desktop app call to a web service you control, and then the web service you control talks to the smtp service. maybe they register so you can track them and allow them to send, etc. That will be a real pain since it's a whole separate service to run beyond just your app, but I really can't think of a better route.
@khalidhassani6173
2 жыл бұрын
@@jsoma thanks for the help, i should put some effort in this subject, learning is a long path full of thorns
Lovely video Bless you bro