Return to Level1Techs.com

Github Repo Creator Project and API Question

I was tired of having to go to github and use the UI to create a repo before I could add files to it so I researched the API options. I then realized I could curl the process but this was bulky and wasn’t user friendly.

I then built a python proof of concept script that creates a repo and works properly using requests and the post action. I have set the API key in my environment variables and that works fine when pulling them using:

os.environ["ENV_VAR"]

I have compiled this using pyinstaller and the binary works great. So for my own use I can toss it in my /bin folder and go to town, (maybe I’ll compile on windows and mac too at some point, who knows?).

My question is how to best set the API key for external users? Would requiring them to add the key to environment variables be fine, or is there a better way?

I was thinking about making a script that asks for the API key, storing that in an encrypted file and then decrypting that file every time the app runs but that seems like it would end up being about as insecure as using an environment variable.

How do you tackle API key storage? Any code examples, web pages etc would be really helpful.

If you are interested in this project, I will not have it published live for a while as I’m currently considering how many switches I want to add based on the API reference here:

An ENV var is totally appropriate and is what most apps / api’s require, or you can go old-school and just have a config file.

1 Like

Got it, thanks for the confirmation, I tossed it up on github today, we’ll see if anyone complains about it

:slight_smile:

1 Like

If it’s your own app, no one should be complaining about it. It’s pretty well the industry standard way to get keys in there.

It’s ultimately up to the user to ensure the safety of the key (if they want to get it there with a secret manager etc, shouldn’t matter to you).

Since you wanted some code examples, I forgot to put one earlier, but it seems you have it all under control anyways: https://github.com/mcgillij/py3status-github-notifications here’s just one of my random repos on there with room for an API key.

1 Like