From 1cb741270b64407e0d58fe7f65b5b05f49b3c864 Mon Sep 17 00:00:00 2001 From: medusa Date: Wed, 20 Dec 2023 02:56:51 +0000 Subject: [PATCH] Add docs/tech_docs/env-GnuPG.md --- docs/tech_docs/env-GnuPG.md | 150 ++++++++++++++++++++++++++++++++++++ 1 file changed, 150 insertions(+) create mode 100644 docs/tech_docs/env-GnuPG.md diff --git a/docs/tech_docs/env-GnuPG.md b/docs/tech_docs/env-GnuPG.md new file mode 100644 index 0000000..169b040 --- /dev/null +++ b/docs/tech_docs/env-GnuPG.md 
@@ -0,0 +1,150 @@ +## Managing Environment Variables Securely in Python Projects + +This guide provides a step-by-step approach to managing environment variables in Python projects on Ubuntu servers using `dotenv` for handling environment variables and GnuPG (GPG) for file encryption. + +### Prerequisites + +- Python 3 installed on Ubuntu Server +- Basic familiarity with terminal commands + +### Contents + +1. [Setting Up dotenv with .env Files](#1-setting-up-dotenv-with-env-files) +2. [Encrypting and Decrypting .env Files with GPG](#2-encrypting-and-decrypting-env-files-with-gpg) +3. [Automating Decryption in Python Scripts](#3-automating-decryption-in-python-scripts) +4. [Backing Up GPG Keys](#4-backing-up-gpg-keys) +5. [Basic GPG Commands](#5-basic-gpg-commands) + +--- + +### 1. Setting Up `dotenv` with `.env` Files + +`dotenv` is a module that loads environment variables from a `.env` file into `os.environ`. This section covers creating a `.env` file and integrating `dotenv` into your Python project. + +#### Steps: + +1. **Create a `.env` File**: + + ```bash + # Navigate to your project directory + cd /path/to/your/project + + # Create a .env file + touch .env + + # Add environment variables + echo "API_KEY=yourapikey123" >> .env + echo "DB_PASSWORD=hunter2" >> .env + ``` + +2. **Install `python-dotenv`**: + + ```bash + pip3 install python-dotenv + ``` + +3. **Modify Your Python Script**: + + ```python + import os + from dotenv import load_dotenv + + load_dotenv() # Loads the .env file + + api_key = os.getenv('API_KEY') + db_password = os.getenv('DB_PASSWORD') + + # Your script continues here... + ``` + +4. **Update `.gitignore`**: + + ```bash + echo ".env" >> .gitignore + ``` + +### 2. Encrypting and Decrypting .env Files with GPG + +GnuPG (GPG) is used for encrypting files, ensuring sensitive information like environment variables in `.env` files is secure. + +#### Steps: + +1. 
**Install GnuPG**: + + ```bash + sudo apt-get update + sudo apt-get install gnupg + ``` + +2. **Encrypt the `.env` File**: + + ```bash + gpg --encrypt --recipient your_user_id .env + ``` + +3. **Decrypt the `.env` File When Needed**: + + ```bash + gpg --output .env --decrypt .env.gpg + ``` + +### 3. Automating Decryption in Python Scripts + +Automate the decryption of the `.env` file at the start of your Python script for convenience while maintaining security. + +#### Example Function: + +```python +import subprocess +import os +from dotenv import load_dotenv + +def decrypt_env_file(): + subprocess.run(['gpg', '--quiet', '--batch', '--yes', '--decrypt', '--output', '.env', '.env.gpg']) + +# Decrypt the .env file +decrypt_env_file() + +# Load environment variables +load_dotenv() + +# Your main script logic + +# Delete the .env file securely after use +os.remove('.env') +``` + +### 4. Backing Up GPG Keys + +Regular backups of GPG keys are essential to avoid losing access to encrypted data. + +#### Steps: + +1. **Export Your Private Key**: + + ```bash + gpg --export-secret-keys your_user_id > myprivatekey.asc + ``` + +2. **Export Your Public Key**: + + ```bash + gpg --export your_user_id > mypublickey.asc + ``` + +### 5. Basic GPG Commands + +Familiarize yourself with basic GPG commands for managing your keys and encrypted files. + +#### Common Commands: + +- **List Keys**: `gpg --list-keys`, `gpg --list-secret-keys` +- **Import Key**: `gpg --import [file]` +- **Export Key**: `gpg --export -a [email/id] > public.key` +- **Delete Key**: `gpg --delete-key [email/id]`, `gpg --delete-secret-key [email/id]` +- **Encrypt File**: `gpg --encrypt --recipient [email/id] [file]` +- **Decrypt File**: `gpg --decrypt [file.gpg]` + +--- + +By following this guide, you will be able to securely manage environment variables in your Python projects, leveraging `dotenv` for environment variable management and GnuPG for encryption, ensuring your sensitive data remains protected. 
\ No newline at end of file
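Review bot: In section 3, `decrypt_env_file()` calls `subprocess.run([...])` without `check=True`, so a failed decryption is silently ignored and `load_dotenv()` then runs against a missing or stale `.env`; pass `check=True` (or test `returncode`) so the script fails closed. In the same example, the comment says the file is deleted "securely", but `os.remove('.env')` only unlinks it, and because the call is not in a `try`/`finally` the plaintext stays on disk whenever the main logic raises. Consider moving the cleanup into `finally`, or avoiding the plaintext file altogether by capturing gpg's stdout and passing it to `load_dotenv(stream=...)`. Section 2, step 2 leaves the original `.env` in place after `.env.gpg` is written, which deserves an explicit step or note. In section 4 the exports are named `myprivatekey.asc` and `mypublickey.asc` but `--armor` is not passed, so the files will be binary; add `--armor` or change the extension, and say where the private key backup should be kept.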