Application Programming Interfaces (APIs) have become an integral part of modern web development. To use them, developers often need API keys and secrets, which can pose security risks if not managed properly. A common practice is to store these sensitive pieces of information in environment variables.
This guide will introduce you to a Python library called python-dotenv that makes it easy to manage your application's environment variables. It will help you set up a .env file to securely store your API keys and secrets and teach you how to access these values in your Python programs. By the end of this guide, you'll be able to use python-dotenv effectively and have a quick reference guide to come back to when needed.
What is python-dotenv?
The python-dotenv library allows you to specify environment variables in a file, which is typically named .env. This file can then be read to set environment variables when your application starts. By using python-dotenv, you can separate your configuration from your code, which is a best practice for twelve-factor apps.
Installing python-dotenv
Before we can start using python-dotenv, we need to install it. Open a terminal and install python-dotenv by running the following command:
pip install python-dotenv
Creating a “.env” file
Next, let’s create a .env file in the root directory of our project. It’s a simple text file that stores key-value pairs. Each pair represents an environment variable and its corresponding value. Here’s an example of what a .env file might look like:
API_KEY=your-api-key
API_SECRET=your-api-secret
Replace your-api-key and your-api-secret with your actual API key and secret.
Note: It’s crucial to add your .env file to your .gitignore file to ensure it doesn’t end up in your version control system. This is how you do it:
- Open your .gitignore file (create one if it doesn’t exist already)
- Add .env on a new line
- Save the .gitignore file
Using python-dotenv in Your Python Program
Now that we have our .env file set up, we can start using it in our Python program.
First, we need to import the load_dotenv function from the dotenv module. This function will read the key-value pairs from the .env file and automatically set them as environment variables.
Here is how you do it:
from dotenv import load_dotenv
load_dotenv()
Now, your environment variables are loaded and can be accessed using Python’s built-in os module. Here's how to access the API_KEY and API_SECRET variables we defined in the .env file:
import os
api_key = os.getenv("API_KEY")
api_secret = os.getenv("API_SECRET")
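os.getenv returns None when a variable is not set, so a missing or unedited .env entry only shows up later as a failed API call. The following start-up check is an added example, not code from the original article: run after load_dotenv(), it fails fast on missing or placeholder secrets and confirms that .gitignore lists .env. The function names gitignore_covers_env and require_secrets are hypothetical, and the .gitignore match is a simplified exact-line check.

```python
import os
import tempfile
from pathlib import Path

# Placeholder values from the sample .env; they must never reach a real API call.
PLACEHOLDERS = {"your-api-key", "your-api-secret"}
# Simplified: exact-line rules only, not full gitignore pattern matching.
ENV_RULES = {".env", "/.env", ".env*", "*.env"}


def gitignore_covers_env(project_root):
    """Return True if .gitignore in project_root ignores .env (last rule wins)."""
    gitignore = Path(project_root) / ".gitignore"
    if not gitignore.is_file():
        return False
    ignored = False
    for line in gitignore.read_text().splitlines():
        rule = line.strip()
        if rule in ENV_RULES:
            ignored = True
        elif rule.startswith("!") and rule[1:] in ENV_RULES:
            ignored = False  # a later negation re-includes the file
    return ignored


def require_secrets(names, environ=None):
    """Return {name: value}; raise if any name is unset, empty or a placeholder."""
    environ = os.environ if environ is None else environ
    bad = [n for n in names if not environ.get(n) or environ[n] in PLACEHOLDERS]
    if bad:
        # Report variable names only, so secret values stay out of logs.
        raise RuntimeError("missing or placeholder secrets: " + ", ".join(bad))
    return {n: environ[n] for n in names}


if __name__ == "__main__":
    # Constructed sample project and environment, for demonstration only.
    with tempfile.TemporaryDirectory() as root:
        Path(root, ".gitignore").write_text("__pycache__/\n.env\n")
        print("gitignore ok:", gitignore_covers_env(root))
    sample = {"API_KEY": "k-constructed-123", "API_SECRET": "your-api-secret"}
    try:
        require_secrets(["API_KEY", "API_SECRET"], sample)
    except RuntimeError as exc:
        print("startup check failed:", exc)
```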
Wrapping Up
That’s it! You’ve now learned how to manage API keys and secrets in Python using the python-dotenv library. By following these steps, you'll be able to keep your secrets safe and your configuration separate from your code, making your applications more secure and maintainable.
Remember, always include your .env file in your .gitignore file to prevent exposing your sensitive data.
Quick Reference Guide
#!pip install python-dotenv
# always include your .env file in your .gitignore file
# to prevent exposing your sensitive data.
# Import libraries
import os
from dotenv import load_dotenv
# Load .env file
load_dotenv()
# use the variable names as defined in .env file
api_key = os.getenv("API_KEY")
api_secret = os.getenv("API_SECRET")
That's it for this topic. Thank you for reading!