We've all been there: pushing login credentials or API tokens to GitHub. This can cause many problems. Bots scan GitHub for API tokens, and if they find yours, the account linked to that API can get suspended. Or someone finds the connection string to your hosted database and deletes all your data.
Preventing these situations is easy with two files:
- a .env file
- a .gitignore file
In this blog post, we will go over how to set these two files up and how to use them in your Python 3 project. Let's go!
Prerequisites
It helps to know about a couple of things to understand this blog post better:
- How to set up a Python project
- How basic Python syntax works
- How to use pip
- How to use git (git init, git status)
For Example Two, it also helps to know how public APIs work with Python.
What Are These Files
First, we need to know what these files are and what they do. You never want to code with something you don't understand.
What Is a .env File
An environment variables file is a text file named '.env' that lives in your project folder. It's a simple way to store values that your code needs but that you don't want out there on the internet. Examples of these are:
- Database credentials
- Login credentials
- API tokens
- Private keys
- Crypto Wallet keys
What Is a .gitignore File
The name already says it all. A .gitignore file is a text file that tells git which files to ignore, so they don't get committed. You don't want to commit your .env file because all your secret credentials are in there. That's why you want a .gitignore file to exclude it.
The Practical Coding Examples
There are two practical examples in this blog post that you can either read through or recreate if you want to. The first one is very simple: we hide your favorite language in the .env file. The second example uses an API key. It helps to understand how APIs and dictionaries work, but it's not a must.
Before We Get Started
If we want to use a .env file, there's one thing we need to install first: the 'python-dotenv' package, which reads the .env file and loads its variables for us. We install it with pip.
To install python-dotenv, use this command in the terminal:
pip install python-dotenv
Don't forget to re-build or re-open your Python project before trying to use the package.
Example One: This Is My Favorite Language
In this example, we want to print your favorite language. The discussion about what the best language is can be controversial on the internet. This is why we're going to keep it a secret from GitHub. Python is my favorite language, so that's what I'm going to use.
To get started we need two files in the project folder:
- main.py (you can also give it another name as long as it's a Python file)
- .env
Okay, now the fun part! We're going to code.
1. Add a variable
To create a variable that contains the string 'Python' we can add the following to the .env file:
LANGUAGE = Python
By convention, variable names in a .env file are written in uppercase.
2. Use the variable in the Python file
Using this variable in the Python file is easier than you might think!
First, we need some packages to get Python to work together with the .env file. These are: dotenv and os.
We import them like this:
from dotenv import load_dotenv
import os
Next up you need to tell python-dotenv to load in our variables and os to search for the variables. We can do that by adding these two lines:
load_dotenv()
favorite_language = os.environ['LANGUAGE']
3. Look at the result
That's it! Now we can use the print function to tell the world what your favorite language is:
print("My favorite programming language is: " + favorite_language)
# Prints My favorite programming language is: Python
Here's all the code we should have in the Python file after this example:
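from dotenv import load_dotenv
import os
load_dotenv()  # Reads the .env file and adds its variables to the environment
favorite_language = os.environ['LANGUAGE']  # Raises a KeyError if the variable is missing
print("My favorite programming language is: " + favorite_language)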
Example Two: The Simple Superhero API
We will add another variable to the .env file for this second example. This time, we're going to hide an API key because that's something you should want to keep secret at all times.
This article isn't about how API calls work, so I won't go into much detail about what the code does. If you are interested in learning how to use an API with Python, take a look at this blog post on Rapid API.
We all love Batman (right?), so the plan is to create a small terminal application that shows:
- His name ('Batman')
- His actual name ('Bruce Wayne')
This info comes from a public API called 'Superhero API'.
1. Add variable to the .env file
We need to add the API key to the .env file. We do this so we can keep it secret from git later on. We call this variable API_KEY:
API_KEY=3928193820281931
This API key example is fake. You will have to generate your own on the website if you want to try it yourself.
2. Add the imports we need to the Python file
We need the imports we already used and some new ones for API requests and JSON converting. Here's what we need in code at the top of our Python file:
from dotenv import load_dotenv
from urllib.request import Request, urlopen
import json
import os
load_dotenv()
3. Fetch the API data and convert it from JSON
The next step is that we're going to send a GET request to the API. After doing that, convert the JSON data we received to a dictionary. We can use that dictionary for the console application later on.
Here is the call reference we're going to use:
https://superheroapi.com/api/api-key/character-id/biography
To make life a little easier, I figured out that the ID for Batman is 70.
To request the API data, get the data and turn it into a dictionary, we add the following code to the Python file:
api_key = os.environ['API_KEY']
url = "https://superheroapi.com/api/" + api_key + "/70/biography" # URL to the API; HTTPS so the key is not sent in clear text
api_request = Request(url, headers={'User-Agent': 'Mozilla/5.0'}) # The header needs to be added due to the API's security
data = urlopen(api_request).read() # Calls the API request and reads the JSON data it receives.
data_to_dict = json.loads(data) # Converts the JSON data to a dictionary
4. Get the data from the dictionary
We need to get the data (the superhero name and the real name) out of the dictionary and into string variables. We can do this with dictionary.get('a key from the dictionary').
name = data_to_dict.get('name')
real_name = data_to_dict.get('full-name')
5. Look at your result
And there we have it! All we have to do now is print those values to the terminal.
print("Superhero name: " + name + ", Real name: " + real_name)
# Result will be Superhero name: Batman, Real name: Bruce Wayne
Once we've done all of this the Python file will look something like this:
from dotenv import load_dotenv
import json
import os
from urllib.request import Request, urlopen
load_dotenv()  # Reads the .env file
api_key = os.environ['API_KEY']
# HTTPS, so the API key in the URL is not sent in clear text
url = "https://superheroapi.com/api/" + api_key + "/70/biography"
api_request = Request(url, headers={'User-Agent': 'Mozilla/5.0'})
data = urlopen(api_request).read()
data_to_dict = json.loads(data)
name = data_to_dict.get('name')
real_name = data_to_dict.get('full-name')
print("Superhero name: " + name + ", Real name: " + real_name)
Adding The .gitignore File
The first thing we need to do is set up a local repository. We can do this by opening the terminal in the project folder and running git init. If you've never used git before, or the git command isn't recognized, you probably need to install it first.
Next, we run git status in the terminal. With this command, git will show you what files it can commit for you.
We don't want to commit the .env file. That would lead to our secret variables being public. That's why we're going to create a .gitignore file.
The simplest and quickest way to set up a .gitignore file is to write down .env on the first line and save it.
What I prefer more is going to gitignore.io and searching for 'Python.' It will give you a page with plain text with all kinds of files and folders to ignore that are common for Python (including .env). Copy and paste the raw text to the .gitignore file you made in your project folder.
[Screenshots not preserved: the plain-text output from gitignore.io for 'Python', and the same text pasted into the .gitignore file in a text editor.]
Now you've got yourself a working .gitignore file. Don't forget to save it!
Finishing up
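That's all! All there's left to do now is commit and push your code to your GitHub repository. If you run git status, you can tell that git can't commit the .env file anymore: it's not on the list. Note that .gitignore only affects files git is not already tracking. If .env was committed before, it stays in the repository history, and the secrets in it should be treated as exposed.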
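Ignoring .env only helps if the secret never gets pasted into a file that is committed. The check below is an added example, not code from the original post: it parses the .env text and reports every line in the given source files that contains one of its values. The function names, the 8-character minimum and the sample files are assumptions made for this example; the key is the fake one used above.

```python
MIN_SECRET_LEN = 8  # assumption: shorter values (like "Python") are not secrets


def parse_env(text):
    """Parse KEY=VALUE lines the way a .env file is usually written."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # skip blank lines, comments and anything without '='
        key, _, value = line.partition("=")
        key = key.strip()
        if key.startswith("export "):
            key = key[len("export "):].strip()
        value = value.strip()
        # Drop matching surrounding quotes: KEY="value" or KEY='value'
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        values[key] = value
    return values


def find_hardcoded_secrets(env_text, files):
    """Return (path, line_no, key) for every line that contains a .env value."""
    secrets = {k: v for k, v in parse_env(env_text).items()
               if len(v) >= MIN_SECRET_LEN}
    findings = []
    for path, content in files.items():
        for line_no, line in enumerate(content.splitlines(), start=1):
            for key, value in secrets.items():
                if value in line:
                    # Report the variable name only, never the secret itself
                    findings.append((path, line_no, key))
    return findings


# Constructed sample input: the .env from this post and two source files.
ENV_TEXT = "LANGUAGE = Python\nAPI_KEY=3928193820281931\n"
FILES = {
    "main.py": 'api_key = os.environ["API_KEY"]\n'
               'url = "https://superheroapi.com/api/" + api_key + "/70/biography"\n',
    "debug.py": '# quick test\n'
                'url = "https://superheroapi.com/api/3928193820281931/70/biography"\n',
}

if __name__ == "__main__":
    for path, line_no, key in find_hardcoded_secrets(ENV_TEXT, FILES):
        print(f"{path}:{line_no}: contains the value of {key}")
```

In a real project, build the files mapping from the files git is about to commit (for example, the paths listed by git ls-files) and run the check before pushing.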
The End
Thank you so much for reading. I hope this blog post helped you. Don't be afraid to reach out on Twitter or Instagram for any questions or remarks. You can also comment on this post. See you later!