medusa/the_information_nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2f2ee7e4fc76bb09c2fa8c02b278052072353329
the_information_nexus/tech_docs/python/env-GnuPG.md
Whisker Jones aeba9bdb34 structure updates
2024-05-01 12:28:44 -06:00

150 lines
3.8 KiB
Markdown
Raw Blame History

## Managing Environment Variables Securely in Python Projects
This guide provides a step-by-step approach to managing environment variables in Python projects on Ubuntu servers using `dotenv` for handling environment variables and GnuPG (GPG) for file encryption.
### Prerequisites
- Python 3 installed on Ubuntu Server
- Basic familiarity with terminal commands
### Contents
1. [Setting Up dotenv with .env Files](#1-setting-up-dotenv-with-env-files)
2. [Encrypting and Decrypting .env Files with GPG](#2-encrypting-and-decrypting-env-files-with-gpg)
3. [Automating Decryption in Python Scripts](#3-automating-decryption-in-python-scripts)
4. [Backing Up GPG Keys](#4-backing-up-gpg-keys)
5. [Basic GPG Commands](#5-basic-gpg-commands)
---
### 1. Setting Up `dotenv` with `.env` Files
`dotenv` is a module that loads environment variables from a `.env` file into `os.environ`. This section covers creating a `.env` file and integrating `dotenv` into your Python project.
#### Steps:
1. **Create a `.env` File**:
```bash
# Navigate to your project directory
cd /path/to/your/project
# Create a .env file
touch .env
# Add environment variables
echo "API_KEY=yourapikey123" >> .env
echo "DB_PASSWORD=hunter2" >> .env
```
2. **Install `python-dotenv`**:
```bash
pip3 install python-dotenv
```
3. **Modify Your Python Script**:
```python
import os
from dotenv import load_dotenv
load_dotenv() # Loads the .env file
api_key = os.getenv('API_KEY')
db_password = os.getenv('DB_PASSWORD')
# Your script continues here...
```
4. **Update `.gitignore`**:
```bash
echo ".env" >> .gitignore
```
### 2. Encrypting and Decrypting .env Files with GPG
GnuPG (GPG) is used for encrypting files, ensuring sensitive information like environment variables in `.env` files is secure.
#### Steps:
1. **Install GnuPG**:
```bash
sudo apt-get update
sudo apt-get install gnupg
```
2. **Encrypt the `.env` File**:
```bash
gpg --encrypt --recipient your_user_id .env
```
3. **Decrypt the `.env` File When Needed**:
```bash
gpg --output .env --decrypt .env.gpg
```
### 3. Automating Decryption in Python Scripts
Automate the decryption of the `.env` file at the start of your Python script for convenience while maintaining security.
#### Example Function:
```python
import subprocess
import os
from dotenv import load_dotenv
def decrypt_env_file():
subprocess.run(['gpg', '--quiet', '--batch', '--yes', '--decrypt', '--output', '.env', '.env.gpg'])
# Decrypt the .env file
decrypt_env_file()
# Load environment variables
load_dotenv()
# Your main script logic
# Delete the .env file securely after use
os.remove('.env')
```
### 4. Backing Up GPG Keys
Regular backups of GPG keys are essential to avoid losing access to encrypted data.
#### Steps:
1. **Export Your Private Key**:
```bash
gpg --export-secret-keys your_user_id > myprivatekey.asc
```
2. **Export Your Public Key**:
```bash
gpg --export your_user_id > mypublickey.asc
```
### 5. Basic GPG Commands
Familiarize yourself with basic GPG commands for managing your keys and encrypted files.
#### Common Commands:
- **List Keys**: `gpg --list-keys`, `gpg --list-secret-keys`
- **Import Key**: `gpg --import [file]`
- **Export Key**: `gpg --export -a [email/id] > public.key`
- **Delete Key**: `gpg --delete-key [email/id]`, `gpg --delete-secret-key [email/id]`
- **Encrypt File**: `gpg --encrypt --recipient [email/id] [file]`
- **Decrypt File**: `gpg --decrypt [file.gpg]`
---
By following this guide, you will be able to securely manage environment variables in your Python projects, leveraging `dotenv` for environment variable management and GnuPG for encryption, ensuring your sensitive data remains protected.
Reference in New Issue View Git Blame Copy Permalink