3 Ways to Store and Read Credentials Locally in Python

3 Ways to Store and Read Credentials Locally in Python

Secrets are called secrets for a reason. We do not want others to know about them, be it in real life or in Python


Originally posted on realpythonproject.com

Connect with me on LinkedIn, Twitter


We will be discussing 3 different ways to store credentials and read them using Python.

  • Storing them as system variables
  • Storing them as variables in your virtual environment
  • Storing them in a .env file
  • The Most Convenient Way

Storing them as Global Environment Variables

If the credentials are stored as Global Environment Variables, they can be accessed by any script running in any environment on your PC.

To Create a Global Environment Variable, run this in your terminal

export varName=varValue

Ensure there are no spaces between the '='. If you get an error "zsh: Bad Assignment", it is probably caused because of space between the '='.

Let's create a couple of global environment variables

export globalSecretUser=global_rahul1999
export globalSecretKey = global_xy76hUihk

In Windows, you might have to use "set" instead of "export"

The above script needs to be run in the terminal. Now, let us try accessing the variables we created earlier.

import os
print(os.environ) 
# This will print a dictionary with 
# all the global environment variables

We can use dictionary access methods to read the environment variables, i.e using .get() or [ ]

print(os.environ.get('globalSecretUser'))
print(os.environ.get('globalSecretKey'))

'''
global_rahul1999
global_xy76hUihk
'''

To update the environment variables, simply run the export statement again

export globalSecretUser=Updated_rahul1999

Let's try accessing the variable in Python again

import os 

print(os.environ.get('globalSecretUser'))

'''
Updated_rahul1999
'''

To remove an environment variable, we use the unset keyword

unset globalSecretUser

If you try to access the variable in Python, you will either get a KeyError or None depending on the method you use to access the values in the dictionary.

Storing them as variables in your virtual environment

These environment variables will only be accessible to scripts running in the virtual environment where the variables are created. We can think of them as "local" environment variables.

First, we will have to create a virtual environment

On Mac

python3 -m venv venv

On Windows

python -m venv venv

This will create a virtual environment in your current directory. There should be a file named "activate inside the bin folder. if you are on Windows, it should be inside the Scripts folder. This script runs every time we activate our virtual environment.

We will be adding our variables to this script. Therefore, every time we activate our virtual environment, the environment variables will be created. Open the file.

Before we create our variables, we will need to add some code to make sure the variables do not exist once the virtual environment has been deactivated.

We will use the unset keyword, go to the function deactivate() inside the activate script and unset the variables at the beginning of the function

deactivate () {
    unset localSecretUser
    unset localSecretKey
    # Some Code
}

Now, we will use the export keyword to define the variables. This code should go outside the deactivate function at the end of the activate script

deactivate(){
     # Some Code
}
# Some More Code
export localSecretUser=local_secret_rahul199
export localSecretKey=local_secret_xyudJIk12AA

In Windows, you might have to use "set" instead of "export"

Now we will need to activate our virtual environment. If you have already activated your virtual environment you can use the deactivate keyword to deactivate your virtual environment

deactivate

Type the above in the terminal.

Now let's activate our virtual environment. On Mac

source venv/bin/activate

On Windows

venv/Scripts/activate

You can list down the current environment's variables using the following command in the terminal

printenv

Now let's try accessing the variables we just created. It is similar to how we accessed the global environment variables

import os 

print(os.environ.get('localSecretUser'))
print(os.environ.get('localSecretKey'))

'''
local_secret_rahul199
local_secret_xyudJIk12AA
'''

Now let's deactivate the virtual environment and try running the python script again

deactivate
python3 main.py

It should return None.

Storing them in a .env file

Inside your root folder, the folder with your virtual environment, create a file named ".env." Add the variables inside the file

#inside file named .env
secretUser = "secret_user_rahul1999"
secretKey = "secret_key_adfdsaUj12"

We will need to install a python library to read the variables

pip3 install python-dotenv

Let's read the variables in Python

from dotenv import load_dotenv
import os 

load_dotenv()
print(os.environ.get('secretUser'))
print(os.environ.get('secretKey'))

'''
secret_user_rahul1999
secret_key_adfdsaUj12
'''

Do not forget to add the .env file inside your .gitignore file. This will ensure that your credentials are not pushed to your git repository.

# Inside .gitignore

.env

The Most Convenient Way

In my opinion, the most convenient way is to store them inside a .env file.

  • They are local to your project
  • You do not need to worry about 'unsetting' them
  • If you add them to your .gitignore file, it is safe from the outside world
  • If you deploy your script as a serverless function, you will need to use "load_dotenve()" to read the environment variables stored inside the configuration file of your Azure/AWS environment.

Although it has many pros, one con would be when we have a variable inside the .env file with the same name as a global variable. Accessing the variable in Python will return the global value since we are not using "unset" to unset the variable value or "export" to assign a new value to the variable.

Let me know if you prefer any of the other methods or if think one of them is safer than the other.