Correct way to protect a private API key when versioning a python application on a public git repo

Posted by systempuntoout on Stack Overflow See other posts from Stack Overflow or by systempuntoout
Published on 2010-06-09T13:19:00Z Indexed on 2010/06/09 13:22 UTC
Read the original article Hit count: 165

I would like to open-source a python project on Github but it contains an API key that should not be distributed.
I guess there's something better than removing the key each time a "push" is committed to the repo.

Imagine a simplified foomodule.py :

import urllib2
API_KEY = 'XXXXXXXXX'
urllib2.urlopen("http://example.com/foo?id=123%s" % API_KEY ).read()

What i'm thinking is:

  1. Move the API_KEY in a second key.py module importing it on foomodule.py; i would then add key.py on .gitignore file.

  2. Same as 1 but using ConfigParser

Do you know a good programmatic way to handle this scenario?

© Stack Overflow or respective owner

Related posts about python

Related posts about best-practices