How to save confidential data in environment variables with dotenv

Best practice is to never have passwords and the like in clear text in Python scripts. Here is the solution I use.

21 Jul 2022 starting note.

Library resources
PyPI https://pypi.org/project/python-dotenv/
Github https://github.com/theskumar/python-dotenv
Documentation ---

Python-dotenv reads key-value pairs from a .env file and can set them as environment variables.

What this means is you can create a file called .env in your project(s) and store your confidential variables like passwords, tokens, access keys, IDs and anything you wish in it. You can then retrieve them from your Python scripts, so as to not display them in clear text there.

Originally I did not see the point, as it felt it did not matter if my passwords are in clear text in my script, or in clear text in a different file in my folder.

It clicked, obviously, when I started to share my code & scripts - first with GitHub (working with others, or archiving code there), then sharing my notes publicly here.

See many examples, e.g. in Nic Note: Library: tmdbapis | fetching movie data, where you will see tmdb_api_key = os.getenv("TMDB_API_KEY").

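IMPORTANT: when using Git (for example with GitHub), make sure to add .env to .gitignore so your file with all your confidential data doesn't end up exposed in your GitHub repo! .gitignore only applies to files Git is not already tracking, so a .env that was committed earlier stays in the repository history, and the secrets in it should be treated as exposed.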

Setup

Install (ideally in a virtual environment):

pip3 install python-dotenv

Usage

create a .env file at the root of your project folder.
no file name, just .env.
for example you can see it here as the first file at the root of the project folder I'm currently writing this in:

.
├── .env <------------------------
├── .gitignore
├── format.py
├── generate_sitemap.py
├── import_books_csv_to_grist.py
├── import_grist_books.py
├── import_homeoffice_setup_csv.py
├── import_notion_clipper.py
├── import_notion_markdown_files.py
├── import_old_ghost_blog_posts.py
├── notes
├── output
├── slugify_book_titles.py
├── test.py
├── text_to_html.py
├── tmdb_1000.py
├── tmdb_tmdbapis.py
├── tmdb_tmdbv3api.py
├── tmdb_top_rated.py
└── venv

The content of this .env file should be as follows:

key=value
key=value

for example for my TMDB scripts, I have:

TMDB_API_KEY=xxxxxxxxxxxx
TMDB_V4_TOKEN=xxxxxxxxxxxx

then, in your scripts, just add:

import os
from dotenv import load_dotenv

load_dotenv()  # reads the key-value pairs from .env and sets them as environment variables

I use dotenv so much that the above snippet is part of my Python boilerplate which you can find here: Nic Note: My Python scripts boilerplate

and then fetch the needed password/token/secret with:

my_password = os.getenv("KEY_FROM_ENV_FILE")  # the key name exactly as written in .env

for example:

tmdb_api_key = os.getenv("TMDB_API_KEY")
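A pre-commit style check for the two points above (keep .env out of Git, keep secret values out of the scripts themselves), as an added example that is not part of python-dotenv or of the original note. The function names, the simplified .gitignore matching and the constructed sample project in demo() are assumptions made for illustration; only the standard library is used.

```python
import fnmatch
import tempfile
from pathlib import Path


def read_env_values(env_path):
    """Minimal parser for the key=value lines shown above (not python-dotenv's full syntax)."""
    values = {}
    for line in Path(env_path).read_text().splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            values[key.strip()] = value.strip().strip("'\"")
    return values


def env_is_gitignored(project):
    """Approximate .gitignore matching: last matching pattern wins, '!' re-includes."""
    gitignore = Path(project) / ".gitignore"
    ignored = False
    lines = gitignore.read_text().splitlines() if gitignore.exists() else []
    for pattern in (raw.strip() for raw in lines):
        if pattern and not pattern.startswith("#"):
            if fnmatch.fnmatch(".env", pattern.lstrip("!").lstrip("/")):
                ignored = not pattern.startswith("!")
    return ignored


def find_hardcoded_secrets(project, min_len=8):
    """(script, key) pairs where a .env value of at least min_len chars appears in a script."""
    secrets = read_env_values(Path(project) / ".env")
    return [(script.name, key)
            for script in sorted(Path(project).glob("*.py"))
            for key, value in secrets.items()
            if len(value) >= min_len and value in script.read_text(errors="ignore")]


def demo():
    with tempfile.TemporaryDirectory() as d:  # constructed sample project
        root = Path(d)
        (root / ".env").write_text("TMDB_API_KEY=constructed-key-0123\n")
        (root / ".gitignore").write_text("venv/\noutput/\n")  # .env not listed
        (root / "clean.py").write_text('k = os.getenv("TMDB_API_KEY")\n')
        (root / "leaky.py").write_text('k = "constructed-key-0123"\n')
        return env_is_gitignored(root), find_hardcoded_secrets(root)


if __name__ == "__main__":
    print(demo())
```

Real .gitignore rules are richer than this approximation; inside a repository, git check-ignore .env gives the authoritative answer.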

01 Mar 2023

Using dotenv in Python scripts vs hardcoded secrets adds only 10mns at run time.
