Managing Environment Variables Easily with Python’s dotenv
How to Easily Manage Sensitive Information and Configuration Values in Your Python Applications

In today's world, we often need to use sensitive information such as API keys, passwords, database credentials, and other secrets in our code. Hardcoding sensitive information, while arguably the easiest and fastest method, is not safe and can cause security issues. Hardcoding secrets can also make your project more difficult to maintain.
Why Keep API Keys and Other Credentials Secure?
Exposed credentials can be exploited and used to access sensitive information or to make API calls. In a case where you are paying for an API based on the number of calls made, a compromised key could become quite expensive!
The solution here is to use environment variables to store such sensitive information. The dotenv Python library is a great tool that helps us manage environment variables effectively.
Here, we will explore how to use the dotenv library to easily manage environment variables in Python.
What is dotenv?
dotenv is a Python library that reads key-value pairs from a .env file and sets them as environment variables in your current environment. It allows you to keep sensitive information separate from your code, making it easy to manage and maintain.
Installation
The dotenv library can be installed easily using pip:
pip install python-dotenv
Example
For this example, we're going to refactor old and unsafe code where we hard-coded our API credentials into our project. In the article, A Beginner's Guide to Tweepy, we included the credentials as the first lines of our program.
Including secrets in our code is a bad idea. It’s very easy for us to accidentally include them in commits and possibly make them public when pushing code to GitHub.
import tweepy

# Variables that contain the credentials to access the Twitter API
ACCESS_TOKEN = 'your_access_token'
ACCESS_SECRET = 'your_access_secret'
CONSUMER_KEY = 'your_consumer_key'
CONSUMER_SECRET = 'your_consumer_secret'

# Set up access to the API
def connect_to_twitter_OAuth():
    auth = tweepy.OAuthHandler(CONSUMER_KEY, CONSUMER_SECRET)
    auth.set_access_token(ACCESS_TOKEN, ACCESS_SECRET)
    api = tweepy.API(auth)
    return api

# Create API object
api = connect_to_twitter_OAuth()

Let's update this code to hide our secrets.
Usage
First, we need to create a .env file in the root directory of our project. For this example, our project is a single Python file, and we will create the environment file in the same directory.
Here is what our file structure looks like with the addition of the .env file:
### directory structure
twitter_scraper
├── .env
└── main.py

Now let's move our credentials to the .env file:
ACCESS_TOKEN=your_access_token
ACCESS_SECRET=your_access_secret
CONSUMER_KEY=your_consumer_key
CONSUMER_SECRET=your_consumer_secret

We next need to make some updates to our Python file.
We must import and load dotenv and access the environment variables using the os module:
from dotenv import load_dotenv
import os

# Read the key-value pairs in .env into the process environment
load_dotenv()

# Variables that contain the credentials to access the Twitter API
ACCESS_TOKEN = os.getenv('ACCESS_TOKEN')
ACCESS_SECRET = os.getenv('ACCESS_SECRET')
CONSUMER_KEY = os.getenv('CONSUMER_KEY')
CONSUMER_SECRET = os.getenv('CONSUMER_SECRET')

Our final, refactored code looks like this:
import tweepy
from dotenv import load_dotenv
import os

# Read the key-value pairs in .env into the process environment
load_dotenv()

# Variables that contain the credentials to access the Twitter API
ACCESS_TOKEN = os.getenv('ACCESS_TOKEN')
ACCESS_SECRET = os.getenv('ACCESS_SECRET')
CONSUMER_KEY = os.getenv('CONSUMER_KEY')
CONSUMER_SECRET = os.getenv('CONSUMER_SECRET')

# Set up access to the API
def connect_to_twitter_OAuth():
    auth = tweepy.OAuthHandler(CONSUMER_KEY, CONSUMER_SECRET)
    auth.set_access_token(ACCESS_TOKEN, ACCESS_SECRET)
    api = tweepy.API(auth)
    return api

# Create API object
api = connect_to_twitter_OAuth()

Our credentials are now removed from our Python file!
One final step to take here would be to add our .env file to our .gitignore to ensure that we don’t accidentally commit it with our changes.
In the case of this example, where we are updating old code that was previously committed to version control, we need to check our commit history as well to make sure all references to our credentials are removed.
As an extra precaution, we could revoke any potentially exposed credentials and generate new ones.
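The refactored code above calls os.getenv(), which quietly returns None when a name is missing from .env, so a typo in the file only surfaces later as a confusing failure inside tweepy. The following script is an added example, not code from the article or from python-dotenv: it loads the same four credential names, refuses to continue when any of them is missing or empty (naming the variable but never printing its value), and checks that .env is covered by .gitignore before anything is committed. The sample .env and .gitignore contents are constructed here and written to a throwaway directory; the fallback KEY=VALUE reader is an assumption used only so the example runs where python-dotenv is not installed, and it is not the library's parser.

```python
"""Added example: fail fast on missing credentials and confirm .env is ignored."""
import os
import tempfile
from pathlib import Path

try:
    from dotenv import load_dotenv  # python-dotenv: pip install python-dotenv
except ImportError:
    # Assumed stand-in so the example runs without the package. It handles
    # blank lines, '#' comments and one layer of matching quotes only; it is
    # not python-dotenv's parser.
    def load_dotenv(dotenv_path, override=False):
        for raw in Path(dotenv_path).read_text().splitlines():
            line = raw.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, value = (part.strip() for part in line.split("=", 1))
            if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
                value = value[1:-1]
            if override or key not in os.environ:
                os.environ[key] = value
        return True

# The credential names used by the Twitter example in the article.
REQUIRED = ("ACCESS_TOKEN", "ACCESS_SECRET", "CONSUMER_KEY", "CONSUMER_SECRET")


def load_credentials(env_path, required=REQUIRED):
    """Load env_path and return {name: value} for every required name.

    Raises RuntimeError listing the names that are missing or empty, so a
    bad .env stops the program here instead of inside the API client.
    """
    # Drop stale values so the check reflects the file, not an earlier run.
    for name in required:
        os.environ.pop(name, None)
    load_dotenv(env_path, override=True)
    creds = {name: os.getenv(name) for name in required}
    missing = [name for name, value in creds.items() if not value]
    if missing:
        raise RuntimeError(
            f"missing credentials in {Path(env_path).name}: {', '.join(missing)}"
        )
    return creds


def env_is_ignored(gitignore_path, env_name=".env"):
    """True if .gitignore contains a pattern that plainly covers env_name.

    Only exact and simple wildcard patterns are recognised; a full gitignore
    matcher is out of scope for this example.
    """
    path = Path(gitignore_path)
    if not path.exists():
        return False
    patterns = {
        line.strip().lstrip("/")
        for line in path.read_text().splitlines()
        if line.strip() and not line.strip().startswith("#")
    }
    return bool(patterns & {env_name, "*.env", env_name + "*"})


# Constructed sample files; the values are placeholders, not real credentials.
SAMPLE_ENV = (
    "# constructed sample values\n"
    "ACCESS_TOKEN=your_access_token\n"
    "ACCESS_SECRET='your_access_secret'\n"
    "CONSUMER_KEY=your_consumer_key\n"
    "CONSUMER_SECRET=your_consumer_secret\n"
)
SAMPLE_GITIGNORE = "__pycache__/\n.env\n"


def run_checks(env_text=SAMPLE_ENV, gitignore_text=SAMPLE_GITIGNORE):
    """Write the constructed files to a temp project dir and run both checks.

    Returns (credentials or None, error message or None, env_is_ignored).
    """
    with tempfile.TemporaryDirectory() as root:
        env_file = Path(root, ".env")
        env_file.write_text(env_text)
        gitignore = Path(root, ".gitignore")
        gitignore.write_text(gitignore_text)
        try:
            creds, error = load_credentials(env_file), None
        except RuntimeError as exc:
            creds, error = None, str(exc)
        return creds, error, env_is_ignored(gitignore)


if __name__ == "__main__":
    creds, error, ignored = run_checks()
    print("loaded:", sorted(creds) if creds else error, "| .env ignored:", ignored)
```

Clearing the four names before loading is deliberate for a check like this: otherwise a value left in the shell from an earlier run would mask an empty entry in the file. In the application itself you would normally keep python-dotenv's default of not overriding existing environment variables, so that deployment settings win over the local file.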
Conclusion
Here we discussed the importance of keeping credentials secret and how to do so using the Python library dotenv.
Using dotenv is a simple and effective way to manage environment variables in your Python projects.
By following the steps outlined in this tutorial, you can start using dotenv in your projects today!
More content at PlainEnglish.io.
