How would I set up my API Key using a .env file vs ~/.zshrc

I would like to put my API key in a .env file, but I am not seeing anything that explains how I can do this.

Easier to place keys in a .py or .txt. env just sets the key to the environment - if you ever rotate keys, easier to place in .py

I will be using AWS Secrets Manager, which stores my .env file for use in a GitHub Action. What would you say would be the best method for this?

configure the AWS in secret with ur credential and secret access key, then fetch the env from SM

use python dot env to pull it from root

but again, all this seems like ur working with a cloud pipeline or team

encrypting the key file or using fed path system is better if u aren't, if u are then it depends on what AWS IAM policy u trying to abide by.

How would I configure a sample test to pull the key from a specific place? The API docs say it needs to be in the ~/.zshrc or bash and it would find it on its own, which it does doing it that way. I just need to understand how to configure the API key usage from a specific location, and I can manage how to get it from that location.

Why are you not using AWS Secrets Manager directly in the application without .env?

To rewrite this question:

I’m currently putting my API keys directly into my .zshrc or .bashrc, but I suspect that’s probably not ideal because it’s exposing them unnecessarily. I think maybe the better way might be to store these keys in their own secure .env file, right? And then, if I’m right, the Python dotenv library probably just loads that .env file at runtime, making these environment variables immediately available without changing the actual client code, right?

Then for deployment automation, maybe I shouldn’t commit that .env file to GitHub directly because that’s insecure—but maybe instead I could securely store it in AWS Secrets Manager? And, if I remember right, GitHub Actions probably can automatically and securely pull that file from AWS Secrets Manager at runtime and place it exactly in the location my script expects, right?

Am I missing something, or is that actually the proper way to securely configure API keys in Python—using a .env file, loading it with dotenv, storing the file securely in AWS Secrets Manager, and automating its retrieval in my GitHub Action?

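An added example, not part of any post above and not python-dotenv's own code: reading an API key from a specific .env path with only the standard library, where an already-set environment variable (a shell export or a CI-injected secret) takes precedence and a group- or world-readable file is refused. `EXAMPLE_API_KEY`, the function names and the sample key are constructed for illustration.

```python
import os
import stat
import tempfile
from pathlib import Path

def parse_env_file(path):
    """Parse KEY=VALUE lines; skips blanks and comments, accepts an 'export ' prefix."""
    values = {}
    for raw in Path(path).read_text(encoding="utf-8").splitlines():
        line = raw.strip().removeprefix("export ")
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]  # drop matching surrounding quotes
        values[key] = value
    return values

def load_api_key(env_path, name="EXAMPLE_API_KEY", environ=None):
    """Return the key from the process environment, else from the file at env_path."""
    environ = os.environ if environ is None else environ
    if environ.get(name):  # a shell export or CI-injected secret takes precedence
        return environ[name]
    path = Path(env_path)
    if not path.is_file():
        raise RuntimeError(f"{name} is not set and {path} does not exist")
    mode = stat.S_IMODE(path.stat().st_mode)
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} has mode {mode:o}; restrict it with chmod 600")
    key = parse_env_file(path).get(name)
    if not key:
        raise RuntimeError(f"{name} is missing from {path}")
    return key

def demo():  # runs the loader against a constructed .env file in a temp directory
    with tempfile.TemporaryDirectory() as tmp:
        env_file = Path(tmp) / ".env"
        env_file.write_text('# constructed sample\nexport EXAMPLE_API_KEY="constructed-key-123"\n')
        env_file.chmod(0o644)  # group/world-readable: should be refused
        try:
            loose = load_api_key(env_file, environ={})
        except PermissionError:
            loose = "rejected"
        env_file.chmod(0o600)  # owner-only: accepted
        from_file = load_api_key(env_file, environ={})
        from_env = load_api_key(env_file, environ={"EXAMPLE_API_KEY": "from-ci"})
        return loose, from_file, from_env

if __name__ == "__main__":
    print(demo())
```

With python-dotenv installed, `load_dotenv(dotenv_path=...)` covers the parsing step and by default also leaves already-set variables untouched; the permission check is this example's own addition.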