API Keys
One of the easiest security sins to commit is to accidentally put
an api key into source control. Instead of putting an api key into
a config.py
file which can go to source control, you can put an
api key into your shell environment variables, and pull it into your
script.
zsh file
I use zsh as my shell, so in my .zshrc fill I will add the following line:
export API_KEY=abcd1234
Then from within the script, use the following:
global api_key
api_key = os.environ['SCHEDULE_MESSAGE_API_KEY']
if api_key == '':
sys.exit('no api key found, please add an environment variable named API_KEY')
Now the api key is safely stored in your local environment and kept out of source control. Easy as that!