How to hide my API key from my web application

[grahamj89]

Select Topic Area

Question

Body

I want to know how to hide my API key from my web application. I can't publicly share it, also I don't want make my repository private. Any help is much appreciated a lot.

[DulangaDasanayake]

Hi, @grahamj89

To keep your API key secure while still keeping your repository public, you can follow these steps:

1. Use Environment Variables:

   • Store your API key in environment variables. In Python, you can use the os module to access these variables. This prevents the key from being hardcoded into your application code.
   • Example:

     import os
     api_key = os.getenv('API_KEY')

2. Add .env File:

   • You can create a .env file in your project root and store the API key there. Use the python-dotenv package to load environment variables from this file.
   • In .env:

     API_KEY=your_api_key_here
     

   • Install python-dotenv:

     pip install python-dotenv

   • Load the .env variables in your app:

     from dotenv import load_dotenv
     load_dotenv()  # Loads the .env file

3. Add .env to .gitignore:

   • Ensure the .env file is not tracked by Git by adding it to .gitignore:

     .env
     

4. Use a Secret Manager (Optional):

   • If you're deploying your app (e.g., to AWS, Heroku, or any cloud service), use their secret management tools to store your keys securely.

This way, the API key is never exposed in your codebase, and you can still keep your repository public.

[grahamj89]

Hello, @DulangaDasanayake

Much appreciate the great help.