Hiding secret info in Python using environment variables

Raivat Shah
Apr 13, 2019 · 4 min read

A beginner’s key to secrecy…

If you’ve worked on software engineering or data science projects that require some form of API keys, you would’ve noticed a flaw in sharing the code online: the secret information will be out there for everyone to see and possibly misuse! A classic example is a pair of a username and a password for a database. We certainly don’t want that to leak. How do we prevent this?

Environment variables are the answer!

What is an Environment Variable?

Before I answer that, I want you to recall what a variable is in a programming language. Simply put, it is a quantity in a program that can change over time.

An environment variable is similar to that definition, albeit with a few nuances. The “environment” in “environment variable” refers to the environment your program is running in (either your computer (local) or server (remote)). As you can guess, an environment variable has something to do with the environment the program is running in. Thus, unlike a variable of a programming language, the environment variable is tied to your environment (of your operating system) and not any particular programming language. Thus, you can reuse them in different languages.

How to use them?

As the environment variable is tied to the environment, creation depends on your operating system and its usage depends on the programming language you want to use it in. In this post, I’ll be covering the steps for mac OS (and I’ll be assuming you’re using bash — the default shell on mac OS) and for using the environment variable in Python. Rather than creating variables first and then using them later, let us reverse engineer the process. You’ll see the benefit later. Go to your Python file and import the os module:

The os module provides functionality for Python to use operating system dependent functionality, e.g. our environment variables. You can read more about it here if you’d like. Now, navigate to the part with your secret info. For this post, consider that we have two pieces of information we want to keep secret: “username” and “password” (which are essentially strings).

I will go through the process of hiding one of them inside an environment variable and then the process of any other variable should be similar. Now, open the Mac terminal. By default, you should be in your home directory (~yourusernameonmac), as shown below:

Image for post
Image for post
Terminal at home directory

If you’re not already there, press cd ~ . From here, open your bash profile in the vim unix text editor by typing the command below:

Don’t worry, if you don’t already have one, vim will automatically create one for you. A bash-profile is basically a configuration for the bash shell in your system. We need to create our environment variable in it so that we can refer to it whenever we’d like. Now, press the i key to go into insert mode for the editor. Enter the following command (at the top of your file if other code already exits):

The above code fragment assigns the value username to the environment variable VARENV . Notice that the variable name for an environment variable must be all CAPS. The benefit of reverse engineering the process is now you’re clear on what to set for the value and what to set for the key. Given that this might be the first time you’re seeing this, it could have been daunting to look at the above syntax without realising where and how it is used.

Exit the insert mode by pressing the esc key and then save the file and quit the editor by entering the :wq command. You are now back to your home directory in terminal.

Now, head over to your Python file and change the username as follows:

Inside your operating system, environment variables are stored as a key-value pair, similar to a Python Dictionary. Thus, you can “get” a value (which is hidden) when you enter a correct “key”. In this way, only the key is publicly available whereas the value remains private.

And Tada! Your secret info (username) is now hidden. However, please note that this is only a beginner’s guide and there is a lot more to know about environment variables. Here are a few great articles to learn more about hiding secret info with environment variables:


Imagine the future of data

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store