Hey All - I am trying to add a sensitive API key in Django and don’t want to put it in my settings.py file for all to see. Does anyone know how to create a file outside the workspace, then import that key into my settings.py file securely? I just want to make sure that I don’t put anything out there in the public space that shouldn’t be. Can someone provide the steps I would need to take, including how to import that file into settings.py using python? Thanks!
Same here. Interesting if there is a robot that goes through all public c9 workspaces to harvest credentials and access info…
You can place your keys in environment variables, and access them from Python. Read-only access cannot access environment variables.
@techtonik This could be the case, but I am guessing that the C9 team has some security measures against this.
The only way to ensure code is safe is to run such bot yourself. =) I also found this:
I figured it out.
Create a config.py in /home/secrets. This should be safe outside of the public workspace. You can set environment variables like this.
sudo mkdir secrets
sudo nano config.py
import os os.environ["APIKey"] = "1234" os.environ["Secret"] = "secret"
Lastly, In your main.py add environment variables like this.
import sys import os sys.path.append(os.path.abspath("/home/secrets")) from config import * APIKey = os.environ.get('APIKey') Secret = os.environ.get('Secret')