The correct way to protect a private API key when versioning a python application in a public git repository

Question

The correct way to protect a private API key when versioning a python application in a public git repository

I want to open an open source python project on Github, but it contains an API key that should not be distributed.
I think there is something better than deleting a key every time a push is attached to a repo.

Imagine a simplified one foomodule.py:

import urllib2
API_KEY = 'XXXXXXXXX'
urllib2.urlopen("http://example.com/foo?id=123%s" % API_KEY ).read()

I think:

Move API_KEY to the second key.pymodule importing it to foomodule.py; Then I added key.pyto the file .gitignore.
Same as 1. but using ConfigParser

Do you know a good software way to handle this scenario?

+3

python version-control configuration

systempuntoout Jun 09 '10 at 13:19

source share

2

- . , . , . , , .

+1

unbeli 09 . '10 13:24

SilentGhost · Accepted Answer · 2010-06-09T13:29:30+0000

key_template.py:

domain = 'example.com'
API_KEY =

, (, API_KEY) key.py. key.py . , Python ConfigParser.

key.py.

The correct way to protect a private API key when versioning a python application in a public git repository

More articles: