Title: A More Secure way to Store Credentials

  • Towards AI Agents
  • More Secure way to Store Credentials
  • Writing & Running Python Scripts
  • Hands-on Walkthrough and Tasks
  • Create Multi-Agent Systems with CrewAI

The "getpass()" function

After getting familiar with Jupyter Notebook, especially Google Colab that is hosted remotely on a server, you would realize that it is very dangerous to specify our API key in the notebook or script.

What we have been using until this point is to rely on the getpass() function to allow users (in fact us), to input the API Key and store the value into a variable, shown below.

from openai import OpenAI  
from getpass import getpass  
  
openai_key = getpass("Enter your API Key:")  
client = OpenAI(api_key=openai_key)

This method helps keep the key secure by not hardcoding it into the script, which could be accidentally shared or exposed.

Make sure never to hardcore the API Key or any other credentials
  • Unauthorized Access:
    • If the notebook or script is shared or stored in a repository, anyone can use your API key to access the associated services, potentially leading to data breaches or abuse of the service.
  • Code Leakage:
    • If the code is accidentally leaked or published, your API key becomes compromised.
  • Hard to maintain:
    • Imagine you have a key that is being shared by 10 applications. What happens if the key expires and you need to replace all the keys with the new one.

Where "getpass()" no longer works

While the getpass() method helps keep the key secure by not hardcoding it into the script which which could be accidentally shared or exposed, this method is not suitable for scenarios where the Python script or application needs to run autonomously, without human interaction, such as:

  1. Automated scripts or applications: If your script is part of a larger application or a scheduled task that runs automatically, there won't be a user present to input the API key each time it runs. This makes getpass() impractical.
  2. Web applications or services: For applications deployed on a server to provide services over the web, requiring manual input of an API key upon each restart or deployment is not feasible. These applications often need to start and operate without human intervention.
  3. Containerized applications: Applications deployed using containers (e.g., Docker) in cloud environments are designed to be easily replicated and scaled. Requiring manual input for each container instance is not practical.
  4. Development and testing environments: In environments where continuous integration/continuous deployment (CI/CD) practices are followed, the deployment process is automated, and manual steps like entering an API key each time the application is tested or deployed are not suitable.

Securely Managing API Keys & Credentials with "Environment Variables"

When building an application, the app may require access to a variety of APIs and other services, such as Google Sheet, AWS account, or Telegram messages. All these access would require some forms of credentials (i.e., username and password pair, API key).

Think of an environment variable as a special, secure place on your computer or server where you can store these credentials Your Python scripts or applications can access the credentials, such as the OpenAI API key, when they need to access the services, but the credentials aren't visible to anyone just looking through the code.

One way to set the environment variable is through a configuration file (.env).

What is a .env File?

  • ✦ A .env file is a simple text file used to store configuration settings, environment variables, and other key-value pairs related to a Python project.
  • ✦ It typically contains sensitive information such as API keys, database credentials, or configuration settings.
  • ✦ Unlike hardcoding these values directly into your source code, you store them in a .env file, which is loaded into the project's environment during runtime.
  • ✦ using .env files in Python ensures secure management of sensitive information and allows for flexible configuration across different environments.
  • ✦ It's a best practice for maintaining security and scalability in your projects! 🛡️🐍

Why Use a .env File?

  • Security:
    • By keeping sensitive data separate from your codebase, you reduce the risk of accidentally exposing it.
  • Organization:
    • It provides a systematic way to manage project-specific variables.
  • Flexibility:
    • You can easily switch between different configurations (development, testing, production) by modifying the .env file.

How to Create and Use a .env File:

  • Step 1: Create the .env File:
    • In your project directory, create a file named .env at the root level.
    • This is where you'll store your configuration settings and sensitive information.
    • Define key-value pairs in your .env file, for exampe:
	KEY="<my_OpenAI_Key>"
  • Step 2: Install the Module:
    • Install the python-dotenv library using the following command: 
pip install python-dotenv
  • Step 3: Access the .env File in Your Python Code:
    • Import the dotenv module in your Python code.
    • Use load_dotenv() to load variables from the .env file.
    • Access the values using os.getenv("KEY") for each key-value pair defined in the .env file. Example: 
    ```Python
import os  
from dotenv import load_dotenv  

load_dotenv()  
print(os.getenv("KEY"))  
```
Interactive Graph
Table Of Contents
Title: A More Secure way to Store Credentials
Table of Contents
The "getpass()" function
Where "getpass()" no longer works
Securely Managing API Keys & Credentials with "Environment Variables"
What is a .env File?
Why Use a .env File?
How to Create and Use a .env File: