How to store sensitive API Keys securely in Django public workspace



Hey All - I am trying to add a sensitive API key in Django and don’t want to put it in my file for all to see. Does anyone know how to create a file outside the workspace, then import that key into my file securely? I just want to make sure that I don’t put anything out there in the public space that shouldn’t be. Can someone provide the steps I would need to take, including how to import that file into using python? Thanks!


Same here. Interesting if there is a robot that goes through all public c9 workspaces to harvest credentials and access info…


You can place your keys in environment variables, and access them from Python. Read-only access cannot access environment variables.

@techtonik This could be the case, but I am guessing that the C9 team has some security measures against this.


The only way to ensure code is safe is to run such a bot yourself. =) I also found this:


I figured it out.

Create a in /home/secrets. This should be safe outside of the public workspace. You can set environment variables like this.

    sudo mkdir secrets
    sudo nano

    import os

    os.environ["APIKey"] = "1234"
    os.environ["Secret"] = "secret"

Lastly, in your add environment variables like this.

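    import sys
    import os

    # Make the directory outside the workspace importable (path from the step above).
    sys.path.append("/home/secrets")

    # Importing config runs its os.environ assignments.
    from config import *

    # Read the values back; .get() returns None if a key was never set.
    APIKey = os.environ.get('APIKey')
    Secret = os.environ.get('Secret')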
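An added example, not part of any post in this thread: a variant of the same idea that keeps the values in a plain KEY=VALUE file outside the workspace, refuses to read it if other users can access it, and fails at startup when a key is missing. The file name `/home/secrets/api.env` and the names `load_secrets`, `get_secret` and `SecretError` are assumptions made for illustration.

```python
import os
import stat
import tempfile
from pathlib import Path


class SecretError(RuntimeError):
    """Raised when a secret is missing or its file is unsafe to use."""


def load_secrets(path):
    """Read KEY=VALUE lines from a file kept outside the public workspace."""
    p = Path(path)
    # Refuse files that group or other users can read, write or execute.
    if p.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise SecretError(f"{p} is accessible to other users; chmod 600 it")
    secrets = {}
    for lineno, raw in enumerate(p.read_text().splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or not key.strip():
            # Report the position only, never the line's content.
            raise SecretError(f"{p}:{lineno}: expected KEY=VALUE")
        secrets[key.strip()] = value.strip()
    return secrets


def get_secret(name, secrets, environ=os.environ):
    """Prefer the process environment, then the file; never return a blank."""
    value = environ.get(name) or secrets.get(name)
    if not value:
        # Fail at startup instead of sending requests with an empty key.
        raise SecretError(f"secret {name!r} is not set")
    return value


if __name__ == "__main__":
    # Constructed sample file standing in for /home/secrets/api.env (assumed name).
    with tempfile.TemporaryDirectory() as d:
        sample = Path(d) / "api.env"
        sample.write_text("# constructed sample\nAPIKey=1234\nSecret=secret\n")
        sample.chmod(0o600)
        loaded = load_secrets(sample)
        print(sorted(loaded))  # key names only; values are never printed
```

In a Django settings file this would be used as `APIKey = get_secret("APIKey", load_secrets("/home/secrets/api.env"))`, with the secrets file owned by the account that runs the app.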