Python Tutorial: Securely Manage Passwords and API Keys with DotEnv

hey there how's it going everybody in this video we're going to be learning how to use a popular python Library called python. EnV and this can be used to manage environment variables for our python projects now in some previous videos I talked about using environment variables for sensitive information like API keys or database passwords and in those videos I showed how we can set environment variables on Mac or Windows and then use those within our python code so that sensitive information isn't visible Within the code itself and this is a great Habit to get into uh because you never want to leak your passwords or API keys by accident by hardcoding them into your scripts and this is why using environment variables is so important and with a library like EnV we're going to be able to keep these environment variables within our project which is majorly beneficial for multiple different reasons so first of all this is going to be crossplatform uh so we don't have to worry about the different ways of setting up Environ variables on Mac or Windows or Linux uh we can simply just use the same method regardless of operating system uh now second environment variables are going to be set at the project level and not systemwide and this is going to avoid conflicts with other projects so it's extremely common to have you know an API key for specific projects and instead of needing to keep track of all these on a systemwide level using the previous methods that we've seen before with python. EnV we can simply have an API key environment variable that is specific to each project so let's go ahead and get started and take a look at some examples to see how this works and how easy it is to use so first of all we're going to need to install EnV using pip so I'm here within my terminal I'm just going to say pip install and this is python d. v so let's install that and now let's say that we have a new python project so right now I have a project directory uh in on my desktop that contains a single empty python script and I'm already navigated to this directory so if I look at the current directory we can see that it's just on my desktop it's called EnV tutorial and if I list the files in here we simply just have a test. py so now let me go ahead and open up VSS code so now within this project let's say that we're going to have some information that we don't want to be visible within the code itself so to do this we're going to create a EnV file so over here in my uh file explorer I'm just going to create a EnV file and that's going to be blank for now and now this next part is extremely important if you plan on keeping sensitive information in your EnV file uh which is one of its main use cases then you want to be absolutely sure that if you're using Version Control like git that you do not commit this file to the repository uh because the whole point of not having the sensitive information in the codee itself is so that it the code can be shared without having that information be visible now if you're using something like git uh the first thing that you're want to going to want to do is create a dog ignore file and add this Dov file uh so that it ex it is ignored when we make our commits because otherwise if you commit this to the repository and push it up to something like GitHub uh then that defeats the purpose because people will just have access uh to this file and be able to see all the sensitive information so what we're going to want to do here is create a. get ignore file and within here we're going to ignore. EnV now speaking of good habits to get into uh I create these dog ignore files for just any project just in case I decide at a later time that I'm going to push this up somewhere and then that way I don't have to worry about it now one website that you can go to that I have pulled up here it will help you create get ignore files uh this is uh T o. com Ford developers SLG ignore and I'll put a link to this in the description section below and it can help you create your get ignore files based on what you're using so for example I'm doing a python project so I can just type in Python here and add that whoops that says python vanilla let me change that and select Python and I'm also on Mac OS so if I go to Mac OS here uh then I can add that as well and then I can create that and we can see here that it creates a get ignore file for us and you know we can see the top section here is for Mac OS and it ignores files like DS store and things like that so we don't have any unneeded files in our git repository but with that said let's get back to looking at how to use this uh python. EnV package so now that we have that listed in our G ignore file I'm

going to close that down and now let's see how we can use this EMV file to hold our sensitive information so let's say that we have an API key now we can simply add this in uh I can just say API key is equal to ABCD 1 2 3 4 something like that and we'll look more at the syntax and what's allowed in this EnV file in just a second but for now let's see how easy it is to load this into our script so I'm going to open up our uh test script here now first we'll want to import the uh load. EnV function from this module so to do this we can say from. EnV import and this is load. EnV and then we can load ourv file into environment variables just by calling that function so I'll say load. EnV call that function and save that and simply by running that those values use within our EnV file will be set as environment variables that we can access now the most common way to access these is by using the OS module so let me go ahead and import that so here at the top of the file I'll do an import of os and now let's see if we can access that API key environment variable so I'll create a new variable here and just say os. it EnV and we will load that in we called that API key I believe and now let's simply print this out so we'll print out that API key that we just created and if I run this then we can see that we have this down here as abcd1234 so we can see that we have access to that API key but that we didn't need to hardcode it into our script so nobody can uh see it publicly and for a quick rundown onv it's pretty much as simple as that uh but let's also look at a few tips and examples that may come in handy and also a bit about the syntax of this EnV file so let me open this back up now the syntax of this file is very similar to bash uh which is what I used in my previous Mac video showing how to set these environment variables so first of all there are no spaces around the equal sign in variable assignments as we can see here so we don't put a space like we would in Python we just want to keep those uh Al together now we do have the ability to add comments um they can either be at the start of a line or at the end of a line um so for example I could um put this on a new line up here and say um you know a API credentials and then if I had multiple credentials then we can also add them at the end of a line uh so for example I could say uh key for Google Maps or something like that and if I go back to my script and run this then we can see that those comments um didn't mess with the functionality at all now another thing that I wanted to point out uh is that all of these values are loaded in as strings uh so if you're loading in a number or something like that then you'll need to specifically cast that to the data type that you need if you want it to be loaded in as something else so if this API key was only numbers then we could cast that to an integer uh like so but this one has some uh characters in there so that would throw an error in this instance now we're also allowed to uh have some spaces in our values uh so for example if I created a another value here called user and if I wanted to set that equal to Corey schaer then I could do it like this so this is allowed just as is and we can see here that we have a blank line between my API key and the user variable and that's completely fine also uh you can use you know these blank lines to organize your variables in the different sections now my own personal preference when it comes to any values that have spaces in them is to wrap them in quotes So something like this I would personally um put quotes here when it has a space uh just so that I can uh more easily see what's going on there and that should work fine as well uh now this points out another problem that I've run into before when working on a project that I want to show you now so I have this uh user set to Corey Schaffer with caps and a space between it um but if I go back to my script and if I load in this user so I'll just say user is equal to and instead of the API key we'll go ahead and get that user variable that we created and now let's print that out instead if I save this and run it then you can see that the value that I get down here is Corey Ms uh with no spaces it's all lowercase um so that's a bit confusing that's not what I added to my uhv file and this

could be one of those things that kind of racks your brain and causes a lot of debugging uh before figuring out what's going on but basically all that's happening here is that there's nothing wrong with our EnV file I actually already have an environment variable on my machine with this value that's set systemwide andv doesn't override these existing environment variables by default uh so this is so that the existence of one of these EnV files doesn't accidentally override values from one machine to another uh so we have two options here of what we can do the first option is to Simply change the variable name uh that we're using within the EnV file or we can explicitly tell load. EnV uh to override existing environment variables so to do that second option I could simply come up here to that function and say override is equal to true and let me fix my spacing here and if I save that and run it then we can see that now we get the value that we had in that EnV file but personally if I ever run into this problem uh I don't like overwriting the systemwide variables so what I'm going to do is I'm going to remove this override here and I'm simply going to uh change the variable name that we're using within that file so if I go back here then instead of user let's just call this username or something like that and since I don't have a systemwide variable called username uh this should work as expected okay and just a couple more tips about the syntax here uh like I said any of these values uh with a space I like to have wrapped in quotes and if I wanted to have a space at the beginning uh or end of that string then it's actually necessary to put it in quotes So what I mean by that was is if I had a space here then I would have to put that in quotes quot because it's not valid without that now speaking of quotes there's actually a difference between single and double quotes uh anything that you put inside single quotes is treated literally and putting something in double quotes allows us to use some special characters so for example let's say that we had a variable that was multiple lines of text um one way that we could do this is to Simply put it within quotes and make it multiple lines so let's look at an example of this uh for example let's say that I had an address uh now one way I could do this is I could use uh single quotes here to treat this as literal text and now let's just do um you know one two three uh fake Street then go to the next line here and just do uh My Town West Virginia and now let's see if this worked properly so I'll go back here um now we have an address so let's load that in as well and hopefully whenever we print this out we will get that two lines um that we typed in so we can see that python does print that out as two lines so we can see that works but if we didn't want this to take up multiple Lines within the EnV file uh then we could just use a new line character uh like we've probably seen within python but to do this we would have to use uh double quotes so let's go back here and make this uh double quotes and now we can use some special characters so one of these is going to be the new line character just like in Python that's uh back sln and now this will print out the address on multiple lines let's go ahead and test this real quick we can see that still works so it is important to know the differences between single quotes and double quotes uh especially since the EnV files are used for passwords and a lot of passwords can have special characters in them uh so that's something that you'd want to wrap in single quotes so that the password is inter is interpreted literally so that it doesn't um you know accidentally interpret something like a back slash n as a new line character now the last quick thing that I want to cover here is variable expansion so just like in bash we can use variables but to use them in the EnV file we'll have to surround them in curly braces so let's say that my username here let's set that as Corey M shaer and I wanted to reuse this within other variables so for example let's say that uh I wanted to set an email and I wanted it to be my username at gmail. com so the way that we're going to use variable expansion here is we're going to need a dollar sign and then curly braces and then the variable that we want to expand and then we can say gmail. com and that will add in that corium schaer there so if I have that

correct syntax then I should be able to go back here and let's just go ahead and grab the email as that user instead uh just to speed things up here and we can see here that it gives the correct email address um using that variable expansion and with the variable expansion as well um we can wrap this in quotes also see if that still works and we can see that still works as well um so we can use that with within quotes as well if we had some spaces in here okay so I think that's going to do it for this video uh just a quick video on um how to get this up and running I think this is a lot better than uh the ways that we've looked at before um but hopefully now you have a good idea for how you can use python. EnV and also why it's so useful for different projects and this is actually my go-to library now when working with environment variables and you'll likely see me using this a lot in future tutorials when I have the need for environment variables in my project now there's actually one that I'll be releasing here soon where I use EnV to hide my sensitive information when I show how I used python to automate some bill payments of mine uh so be sure to uh subscribe to the channel if you want to be notified when I release those future videos but if anyone has any questions about what we covered in this video then feel free to ask in the comment section below and I'll do my best to answer those and if you enjoy these tutorials and would like to support them then there are several ways you can do that the easiest ways to Simply like the video and give it a thumbs up also it's a huge help to share these videos with anyone who you think would find them useful and if you have the means you can contribute through patreon or YouTube and there are links to those pages in the description section below be sure to subscribe for future videos and thank you all for watching