3 Ways to Store and Read Credentials Locally in Python
Secrets are called secrets for a reason. We do not want others to know about them, be it in real life or in Python
Originally posted on realpythonproject.com
Connect with me on LinkedIn, Twitter
We will be discussing 3 different ways to store credentials and read them using Python.
- Storing them as system variables
- Storing them as variables in your virtual environment
- Storing them in a .env file
- The Most Convenient Way
Storing them as Global Environment Variables
If the credentials are stored as Global Environment Variables, they can be accessed by any script running in any environment on your PC.
To Create a Global Environment Variable, run this in your terminal
export varName=varValue
Ensure there are no spaces between the '='. If you get an error "zsh: Bad Assignment", it is probably caused because of space between the '='.
Let's create a couple of global environment variables
export globalSecretUser=global_rahul1999
export globalSecretKey = global_xy76hUihk
In Windows, you might have to use "set" instead of "export"
The above script needs to be run in the terminal. Now, let us try accessing the variables we created earlier.
import os
print(os.environ)
# This will print a dictionary with
# all the global environment variables
We can use dictionary access methods to read the environment variables, i.e using .get() or [ ]
print(os.environ.get('globalSecretUser'))
print(os.environ.get('globalSecretKey'))
'''
global_rahul1999
global_xy76hUihk
'''
To update the environment variables, simply run the export statement again
export globalSecretUser=Updated_rahul1999
Let's try accessing the variable in Python again
import os
print(os.environ.get('globalSecretUser'))
'''
Updated_rahul1999
'''
To remove an environment variable, we use the unset keyword
unset globalSecretUser
If you try to access the variable in Python, you will either get a KeyError or None depending on the method you use to access the values in the dictionary.
Storing them as variables in your virtual environment
These environment variables will only be accessible to scripts running in the virtual environment where the variables are created. We can think of them as "local" environment variables.
First, we will have to create a virtual environment
On Mac
python3 -m venv venv
On Windows
python -m venv venv
This will create a virtual environment in your current directory. There should be a file named "activate inside the bin folder. if you are on Windows, it should be inside the Scripts folder. This script runs every time we activate our virtual environment.
We will be adding our variables to this script. Therefore, every time we activate our virtual environment, the environment variables will be created. Open the file.
Before we create our variables, we will need to add some code to make sure the variables do not exist once the virtual environment has been deactivated.
We will use the unset keyword, go to the function deactivate() inside the activate script and unset the variables at the beginning of the function
deactivate () {
unset localSecretUser
unset localSecretKey
# Some Code
}
Now, we will use the export keyword to define the variables. This code should go outside the deactivate function at the end of the activate script
deactivate(){
# Some Code
}
# Some More Code
export localSecretUser=local_secret_rahul199
export localSecretKey=local_secret_xyudJIk12AA
In Windows, you might have to use "set" instead of "export"
Now we will need to activate our virtual environment. If you have already activated your virtual environment you can use the deactivate keyword to deactivate your virtual environment
deactivate
Type the above in the terminal.
Now let's activate our virtual environment. On Mac
source venv/bin/activate
On Windows
venv/Scripts/activate
You can list down the current environment's variables using the following command in the terminal
printenv
Now let's try accessing the variables we just created. It is similar to how we accessed the global environment variables
import os
print(os.environ.get('localSecretUser'))
print(os.environ.get('localSecretKey'))
'''
local_secret_rahul199
local_secret_xyudJIk12AA
'''
Now let's deactivate the virtual environment and try running the python script again
deactivate
python3 main.py
It should return None.
Storing them in a .env file
Inside your root folder, the folder with your virtual environment, create a file named ".env." Add the variables inside the file
#inside file named .env
secretUser = "secret_user_rahul1999"
secretKey = "secret_key_adfdsaUj12"
We will need to install a python library to read the variables
pip3 install python-dotenv
Let's read the variables in Python
from dotenv import load_dotenv
import os
load_dotenv()
print(os.environ.get('secretUser'))
print(os.environ.get('secretKey'))
'''
secret_user_rahul1999
secret_key_adfdsaUj12
'''
Do not forget to add the .env file inside your .gitignore file. This will ensure that your credentials are not pushed to your git repository.
# Inside .gitignore
.env
The Most Convenient Way
In my opinion, the most convenient way is to store them inside a .env file.
- They are local to your project
- You do not need to worry about 'unsetting' them
- If you add them to your .gitignore file, it is safe from the outside world
- If you deploy your script as a serverless function, you will need to use "load_dotenve()" to read the environment variables stored inside the configuration file of your Azure/AWS environment.
Although it has many pros, one con would be when we have a variable inside the .env file with the same name as a global variable. Accessing the variable in Python will return the global value since we are not using "unset" to unset the variable value or "export" to assign a new value to the variable.
Let me know if you prefer any of the other methods or if think one of them is safer than the other.