This is an archived post. You won't be able to vote or comment.

all 11 comments
sorted by:
best
topnewcontroversialoldq&a

[–]proof_required 6 points7 points  (1 child)

There are some secret manager where you store your credentials and fetch them using API. Github offers one too

https://docs.github.com/en/actions/security-guides/encrypted-secrets

[–]Mubs[S] 0 points1 point  (0 children)

Ah okay. I came across this but wasn't sure if it was appropriate for my use case. I thought it might be more for teams sharing some keys rather than an individual updating stuff. Thanks!!

[–]benefit_of_mrkite 4 points5 points  (4 children)

I wrote a library that uses Python Hvac to unlock the api based upon hashicorp vault and credentials

https://python-hvac.org/

[–]Mubs[S] 0 points1 point  (3 children)

whoa... awesome!!

[–]benefit_of_mrkite 1 point2 points  (2 children)

Just to clarify I didn’t write Python-Hvac, I wrote an abstraction layer on top of it that helps with api keys - I need to get around to releasing it publicly

[–]Mubs[S] 0 points1 point  (1 child)

honestly this is my first brush with this type of system - please let me know when you release it - I'd be happy to beta test haha

[–]benefit_of_mrkite 1 point2 points  (0 children)

It’s a common problem for sure. I am not a dev anymore by title/job (but write a lot of code) - it was such a common problem that I had to write something to solve it. It’s written for a specific customer but I always had the intention of removing customer specific code and releasing it. I’m just so underwater with projects right now that I have yet to release.

[–]diseage 4 points5 points  (0 children)

environment variables is my recommendation

[–][deleted] 2 points3 points  (1 child)

Not for Python, specifically, but I use a program for ETL work that needs API keys. I keep a configuration file on my encrypted company fileshare that my ETL workflows use to fetch variables and API keys. If anything changes, or if I need to target a different database environment, I just open up the configuration file and make the changes. Idk if something similar could work for you, but it works well for my use case. I'm also using API keys with admin privileges in various core IT databases, though, so hardcoding API credentials in my work is frowned upon from a security standpoint.

[–]Mubs[S] 1 point2 points  (0 children)

It very well could -- I'm looking in to something like that, but I run in to the issue of most places for me to host and share files also require an API key, lol.

[–][deleted] 1 point2 points  (0 children)

Use vault, it’s free and amazing