Store & manage secrets like API keys in Python - Tech Tip Tuesdays

Views: 20,091

GitGuardian

A day ago

In this video, we explore how to securely manage and use secrets like API keys, passwords, credential pairs, and other sensitive information in Python. We run through the basics of using environment variables and move on to more advanced scenarios such as managing different secrets for multiple environments.
For this video we use the simple Python package python-dotenv (pypi.org/project/python-dotenv/) to store our secrets securely and use them in our project.
0:00 Introduction
1:05 How not to store secrets
2:15 Environment variables
3:07 Creating environment variables
3:36 Using environment variables in Python
5:03 Managing secrets with python-dotenv
5:35 Using .env file in Python
7:20 Protecting .env file
8:30 Managing multiple env files and environments
8:58 Using dotenv values, managing secrets in a dictionary
10:52 Using filename to change env secrets
Also, check our blog on how to manage secrets in python: blog.gitguardian.com/how-to-h...
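
The following added example, which is not code from the video or from GitGuardian, combines the steps listed above: it picks a per-environment .env file by name, refuses one that other users can access, and returns the secrets as a dictionary. The variable `APP_ENV`, the `.env.<name>` file naming and the key names are assumptions; a small fallback parser stands in for python-dotenv's `dotenv_values` when the package is not installed.

```python
import os
import stat
from pathlib import Path

try:
    from dotenv import dotenv_values  # python-dotenv, the package the video uses
except ImportError:
    def dotenv_values(path):
        """Stand-in for python-dotenv: plain KEY=VALUE lines, '#' comments skipped."""
        pairs = {}
        for line in Path(path).read_text().splitlines():
            key, sep, value = line.strip().partition("=")
            if sep and not key.startswith("#"):
                pairs[key.strip()] = value.strip().strip("'\"")
        return pairs

REQUIRED = ("API_KEY", "DB_PASSWORD")  # hypothetical secret names


def load_secrets(base_dir=".", required=REQUIRED):
    """Return the secrets for the environment named in APP_ENV (assumed name)."""
    env_name = os.environ.get("APP_ENV", "dev")
    if not env_name.isalnum():  # keeps "../" and similar out of the file name
        raise ValueError(f"invalid APP_ENV: {env_name!r}")
    path = Path(base_dir) / f".env.{env_name}"
    if not path.is_file():
        raise FileNotFoundError(f"no secrets file for {env_name!r}: {path}")
    # Refuse a file that group or other users can read or write (POSIX only).
    if os.name == "posix" and stat.S_IMODE(path.stat().st_mode) & 0o077:
        raise PermissionError(f"{path} is open to other users; chmod 600 it")
    secrets = dotenv_values(str(path))  # returns a dict, os.environ is untouched
    missing = [key for key in required if not secrets.get(key)]
    if missing:
        raise KeyError(f"{path} is missing: {', '.join(missing)}")
    return dict(secrets)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample file
        sample = Path(tmp) / ".env.dev"
        sample.write_text("API_KEY=example-not-a-real-key\nDB_PASSWORD=example-only\n")
        sample.chmod(0o600)
        os.environ["APP_ENV"] = "dev"
        print(sorted(load_secrets(tmp)))  # key names only, never the values
```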

Comments: 17
@chrisseary3504 a year ago
You need to protect those secrets, and that isn't covered here. Encryption should be applied to the file contents, and restrictive ACLs should be applied to the file itself.
@robertcenusa8636 24 days ago
Could you recommend a tutorial that covers that part?
@SkielCast a year ago
Some observations:
- The value of __name__ should not be used to determine environments
- To choose between environments, an additional environment variable called "environment" could be used, with a default value of "dev" to avoid errors
- Having multiple .envs in local could make sense but only as an edge case, production credentials should not be in ANY local machine
- If Python-dotenv is going to be a dependency, consider using tools like PDM, Poetry or Pipenv to make sure dependencies are locked
@ElenaBiriuchevskaia 3 months ago
Thank you! Very well explained!
@infossil 3 months ago
thank you, excellent
@shubhamtarkar38 a year ago
Hi, can you make a tutorial on implementing CI/CD with Bitbucket and ggshield?
@hughesadam87 a year ago
Where does keyring fit into all this?
@mrs.neerajsharma7997 6 months ago
Thank you so much, u r awesome
@GitGuardian 6 months ago
Thanks for the feedback!!!
@mycinemax2653 a year ago
If I put a .env or separate file to save secrets on my working server, how do I protect it from an outside hacker?
@zen.ali238 2 months ago
Did you find the answer?
@andrewschneider5722 7 months ago
So if the secrets aren't in git, how can other collaborators use the secrets if they pick up a story that uses this code or how do testers test this code if they can't access the secrets?
@linux_fr 5 months ago
Secret Manager
@lxvi4322 3 months ago
How can I use this inside AWS services like ERM-Studio? tnx
@GitGuardian 3 months ago
You might want to try using AWS Secrets Manager for AWS native environments kzbin.info/www/bejne/l6SXmIqghr6lfsUsi=v8-fL7fkpw3lJQGE
@user-sq1ei7pw8h a year ago
Uhm, how to put them in a prod server? The secrets should not be in the server, right?
@GitGuardian a year ago
Each production environment is different, but they will all have the ability to inject the secrets as environment variables, which will be stored in local memory that can't be obtained by a malicious user.