
How to HIDE Your API Keys in Python Projects

Never commit your API keys or other sensitive data to GitHub again! Keep it neat and tidy by hiding your API key using one of these two methods. Both work and have their uses, but I'd lean towards using the .env file to store your own environment variables. It's easy to recreate this file on your server or anywhere else you need to run your project, without having to change any code.
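The .env approach described above, as an added example (not code from the video or its author): a standard-library loader that reads `KEY=VALUE` lines, lets variables already set in the environment take precedence, fails fast when a required key is missing, and checks that `.env` is listed in `.gitignore`. The variable name `API_KEY`, the key value and all helper names are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

def parse_env(text):
    """Parse KEY=VALUE lines; skip blanks and # comments, strip optional quotes."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        values[key.strip()] = value
    return values

def load_env(path, environ=None):
    """Load a .env file into environ; variables already set take precedence."""
    environ = os.environ if environ is None else environ
    for key, value in parse_env(Path(path).read_text()).items():
        environ.setdefault(key, value)
    return environ

def require(name, environ=None):
    """Return a required secret, or fail fast without echoing any value."""
    environ = os.environ if environ is None else environ
    value = environ.get(name)
    if not value:
        raise RuntimeError(f"{name} is not set; create a .env file or export it")
    return value

def is_ignored(project_dir, filename=".env"):
    """True if filename is listed verbatim in the project's .gitignore."""
    gitignore = Path(project_dir) / ".gitignore"
    if not gitignore.exists():
        return False
    return filename in {l.strip() for l in gitignore.read_text().splitlines()}

def demo():
    """Build a throwaway project with a constructed .env and load it."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, ".env").write_text('# constructed sample\nAPI_KEY="not-a-real-key"\n')
        Path(d, ".gitignore").write_text(".env\n")
        env = load_env(Path(d, ".env"), environ={})
        return require("API_KEY", env), is_ignored(d)
```

Because exported variables win over the file, the same code runs unchanged on a server where the key is set in the environment and no `.env` file exists.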


by John Watson Rooney


32 thoughts on “How to HIDE Your API Keys in Python Projects”

  • I made a sweet utility manager to handle keyring; it's on my GitHub, called it keyringwarden

  • One doubt:
    Are you talking about only the server-based projects, where already all are safe?
    But what about client-based standalone applications?
    The binary is on the client's system. If someone disassembles it they could see the .env file, right?
    As it is, Python is not safe to write commercial projects, because 100% of the source code can be retrieved.

  • Clear, short, on point , extremely useful . Thank you.

  • Great video! You showed us how to read a .env variable into a Python module. Next would be: how do I set, write to, or update a .env variable from my Python module? This is something I have to do with refresh tokens. I have to read the last refresh token from the .env file, get a new refresh token back, and save the new refresh token back into the .env variable. Hopefully that makes sense! It would be amazing to know how to do that!

  • I don't understand why they are so important??? What could happen?

  • Straightforward, concise, and clear. Much appreciated.

  • the correct recent syntax is:
    os.environ.get('api_key')
    or
    os.environ['api_key']

  • What if I'm deploying the app from a GitHub repo to a hosting service? If the API key file is ignored, does that mean it will not work on the hosting server?

  • Maybe create .py file with a var like first example, then compile with cython, so on delete .py file created and import from the module .pyd generated by cython. So, the token is compiled like dll file, no way to get back, but still can be obtained by calling the module. Could be better if the .py file contain also whatever code not associated but similar to the project to act like a robust module, not to only get token.

  • Good tutorial, but still, hiding your plain-text keys in .env is insecure and a big no for secure coding practice 🙂 What you can just do is copy it into a secure folder with permissions, but still it's in plain text lol

  • But how would one automate this?
    I don't want to manually create a file on the server every time.
    Any way that works well when working with Docker images and CICD?

  • When you create the .env file, what type of file is it??

  • Encrypt API key with password stored inside .py file is a big brain move lol

  • Hi John,

    Found it useful. Tried it today and it worked. Thanks for your time and sharing.

    Thanks,

    Chetan from Kandivali, Mumbai, India 🙂

  • Very good explanation. I have a question for you: what theme is used in the terminal? zsh?

  • Was watching your videos and because of your clear explanations, I did my first Python API scraper with extremely little knowledge of programming 🤣🤣

    I was wondering if you will be doing any video on some sites that have a slider as a captcha, like Alibaba, as it seems impossible to scrape

  • Pro Tip #101: If you know or can guess that your project needs an API key, start from a private repo. Don't create a public repo in the first place.

  • Hello friend, there will be some way to vary my IP as I scrape, it is to avoid banning
