2024-05-01 12:28:44 -06:00

Managing Environment Variables Securely in Python Projects

This guide provides a step-by-step approach to managing environment variables in Python projects on Ubuntu servers using dotenv for handling environment variables and GnuPG (GPG) for file encryption.

Prerequisites

  • Python 3 installed on Ubuntu Server
  • Basic familiarity with terminal commands

Contents

  1. Setting Up dotenv with .env Files
  2. Encrypting and Decrypting .env Files with GPG
  3. Automating Decryption in Python Scripts
  4. Backing Up GPG Keys
  5. Basic GPG Commands

1. Setting Up dotenv with .env Files

dotenv is a module that loads environment variables from a .env file into os.environ. This section covers creating a .env file and integrating dotenv into your Python project.

Steps:

  1. Create a .env File:

    # Navigate to your project directory
    cd /path/to/your/project
    
    # Create a .env file
    touch .env
    
    # Add environment variables
    echo "API_KEY=yourapikey123" >> .env
    echo "DB_PASSWORD=hunter2" >> .env
    
  2. Install python-dotenv:

    pip3 install python-dotenv
    
  3. Modify Your Python Script:

    import os
    from dotenv import load_dotenv
    
    load_dotenv()  # Loads the .env file
    
    api_key = os.getenv('API_KEY')
    db_password = os.getenv('DB_PASSWORD')
    
    # Your script continues here...
    
  4. Update .gitignore:

    echo ".env" >> .gitignore
    

2. Encrypting and Decrypting .env Files with GPG

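GnuPG (GPG) encrypts files so that sensitive values, such as the environment variables in a .env file, are not stored in plaintext. Encryption is done to a recipient's public key, so a key pair for your_user_id must already exist in your keyring. The encrypt step writes .env.gpg and leaves the original .env in place.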

Steps:

  1. Install GnuPG:

    sudo apt-get update
    sudo apt-get install gnupg
    
  2. Encrypt the .env File:

    gpg --encrypt --recipient your_user_id .env
    
  3. Decrypt the .env File When Needed:

    gpg --output .env --decrypt .env.gpg
    

3. Automating Decryption in Python Scripts

Automate the decryption of the .env file at the start of your Python script. The plaintext .env exists on disk only while the script runs and is deleted when it finishes.

Example Function:

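import os
import subprocess
from dotenv import load_dotenv

def decrypt_env_file():
    # check=True raises CalledProcessError if gpg fails, so the script
    # never continues with a missing or stale .env file
    subprocess.run(
        ['gpg', '--quiet', '--batch', '--yes', '--output', '.env', '--decrypt', '.env.gpg'],
        check=True,
    )

try:
    # Decrypt the .env file
    decrypt_env_file()

    # Load environment variables
    load_dotenv()

    # Your main script logic
finally:
    # Delete the plaintext .env file after use, even if an error occurred.
    # os.remove only unlinks the file; it does not overwrite its contents on disk.
    if os.path.exists('.env'):
        os.remove('.env')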
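
The function above writes a plaintext .env to disk while the script runs. The following added example (not part of the original guide) decrypts to stdout and loads the values from memory instead, so no plaintext file is created. The names load_encrypted_env, decrypt_to_memory and parse_env and the sample data are assumptions made for this example; the small parser stands in for python-dotenv, whose load_dotenv(stream=...) accepts the same text wrapped in io.StringIO.

```python
import os
import subprocess
import sys

def decrypt_to_memory(cmd):
    """Run the decrypt command and return its stdout; nothing is written to disk."""
    result = subprocess.run(cmd, capture_output=True, text=True)
    if result.returncode != 0:
        raise RuntimeError(f"decryption failed: {result.stderr.strip()}")
    return result.stdout

def parse_env(text):
    """Parse simple KEY=VALUE lines, skipping blanks and # comments."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#') or '=' not in line:
            continue
        key, _, value = line.partition('=')
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in '"\'':
            value = value[1:-1]  # drop matching surrounding quotes
        values[key.strip()] = value
    return values

def load_encrypted_env(path='.env.gpg', cmd=None):
    # Without --output, gpg --decrypt writes the plaintext to stdout
    cmd = cmd or ['gpg', '--quiet', '--batch', '--decrypt', path]
    values = parse_env(decrypt_to_memory(cmd))
    os.environ.update(values)
    return values

# Constructed stand-ins for gpg so the example runs without a key:
# child Python processes that print sample .env content or exit with an error.
SAMPLE = '# sample\nAPI_KEY=yourapikey123\nDB_PASSWORD="hunter2"\n'
FAKE_GPG = [sys.executable, '-c', f'import sys; sys.stdout.write({SAMPLE!r})']
FAILING = [sys.executable, '-c', 'import sys; sys.exit(2)']

if __name__ == '__main__':
    # Print only the variable names, never the secret values
    print(sorted(load_encrypted_env(cmd=FAKE_GPG)))
```

In real use, call load_encrypted_env() with no cmd argument so that gpg decrypts .env.gpg from the current directory.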

4. Backing Up GPG Keys

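Regular backups of GPG keys are essential to avoid losing access to encrypted data. The exported private key file grants the same access as the key itself, so store it offline or in an encrypted location.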

Steps:

  1. Export Your Private Key:

    # --armor produces the ASCII output that the .asc extension implies
    gpg --export-secret-keys --armor your_user_id > myprivatekey.asc
    
  2. Export Your Public Key:

    # --armor produces the ASCII output that the .asc extension implies
    gpg --export --armor your_user_id > mypublickey.asc
    

5. Basic GPG Commands

Familiarize yourself with basic GPG commands for managing your keys and encrypted files.

Common Commands:

  • List Keys: gpg --list-keys, gpg --list-secret-keys
  • Import Key: gpg --import [file]
  • Export Key: gpg --export -a [email/id] > public.key
  • Delete Key: gpg --delete-key [email/id], gpg --delete-secret-key [email/id]
  • Encrypt File: gpg --encrypt --recipient [email/id] [file]
  • Decrypt File: gpg --decrypt [file.gpg]

By following this guide, you will be able to securely manage environment variables in your Python projects, leveraging dotenv for environment variable management and GnuPG for encryption, ensuring your sensitive data remains protected.