In [2]:
pip install krixik


In [3]:
import sys 
sys.path.append('..')
from dotenv import load_dotenv
import os
load_dotenv()

LUCAS_STAGING_API_KEY=os.getenv('LUCAS_STAGING_API_KEY')
LUCAS_STAGING_API_URL=os.getenv('LUCAS_STAGING_API_URL')

# import Krixik
from krixik import krixik
krixik.init(api_key = LUCAS_STAGING_API_KEY, 
            api_url = LUCAS_STAGING_API_URL)

import json
def json_print(data):
    print(json.dumps(data, indent=2))

%load_ext autoreload
%autoreload 2 

SUCCESS: You are now authenticated.


---


# Why—and How—You Should Keep Your Secrets in an .ENV File

### Introduction

Information security begins with you.

You've probably heard this many times. Two things stand:

- It's true.
- People don't take it to heart.

The world is unfortunately full of criminals, ne'er-do-wells, and others who are all too happy to illegitimately access private information and systems and cause harm. Although this has been true for many decades, many experienced professionals still make it easy for them through shoddy security practices including:

- Vanilla passwords (e.g. 'password1')
- Storing their passwords where they can easily be accessed
- Clicking on links in suspicious emails
- Carelessly accessing secure systems in public places
- **Accidentally publishing confidential information to public forums or repositories**

A common version of this last point is accidentally publishing API secrets (e.g. an API key) with code, thus giving everybody out there access to whatever private systems these secrets protect.

The best way to keep this from happening is simply to never have your API secrets in your code. This can be accomplished by keeping what are known as 'environment variables' in a `.env` file.

### The `.env` file

A `.env` file is a plain-text file that defines environment variables: named values that a process reads from its environment rather than from its source code. Simply put, you define the values of these variables in the `.env` file, and that is the only place the values appear. Your code refers only to the variable names, so the values (i.e. your secrets) stay out of it.

For example, [Krixik](https://krixik-docs.readthedocs.io/en/latest/) users are given three different secrets when they set their account up. These are:

- user_id
- api_key
- api_url

Anybody in possession of these has full access to the user's account: to their data, their [pipelines](https://krixik-docs.readthedocs.io/en/latest/system/pipeline_creation/components_of_a_krixik_pipeline/), their ability to generate charges, etc. It's thus best to keep these separate from any code in which Krixik is leveraged.

The contents of a Krixik `.env` file might look like this:

> MY_API_KEY=XXab12XX-X12X-X12X-X12X-XXabcd1234XX
> MY_API_URL=https://abcde12345.execute-api.us-west-2.amazonaws.com/pro
> MY_USER_ID=XX12ab-XabX-XabX-XabX-XX1234abcdXX

### python-dotenv

If you're using Python, which <u>for now</u> is the only language the Krixik client supports, you'll need to leverage [python-dotenv](https://pypi.org/project/python-dotenv/) if you wish to use `.env` files for your processes. To learn about it in detail, please [click here](https://pypi.org/project/python-dotenv/).

### Code example: using .env with Krixik

We'll continue our [Krixik](https://krixik-docs.readthedocs.io/en/latest/) example with `.env` files. To do so, we simply need to run the following code when beginning a Krixik process. What follows could normally be in a single code block, but we'll break it up into separate code cells here for clarity.

First, in case this is our very first Krixik process, we must [pip install](https://pypi.org/project/pip/) the Krixik client:

In [None]:
# pip install the Krixik client
pip install krixik

Now we'll import `load_dotenv` from `dotenv` and use it to load our `.env` file, as follows:

In [None]:
# add the parent directory to the import path (not needed by dotenv itself)
import sys 
sys.path.append('..')
# load the variables defined in .env into the process environment
from dotenv import load_dotenv
import os
load_dotenv()

Our next step is to read the specific Krixik secrets we need into local variables. We will use the example `.env` file detailed earlier in this document. The code to load our necessary API secrets is:

In [None]:
# set your secrets into local variables
READY_API_KEY=os.getenv('MY_API_KEY')
READY_API_URL=os.getenv('MY_API_URL')

Finally, we'll import [Krixik](https://krixik-docs.readthedocs.io/en/latest/) and [initialize](https://krixik-docs.readthedocs.io/en/latest/system/initialization/initialize_and_authenticate/) a session with our `api_key` and `api_url` secrets.

In [None]:
# import krixik and initialize a session with our secrets
from krixik import krixik
krixik.init(api_key = READY_API_KEY, 
            api_url = READY_API_URL)

That's it! Our session initialized, we are now ready to start [creating](https://krixik-docs.readthedocs.io/en/latest/system/pipeline_creation/create_pipeline/) Krixik pipelines and building to our heart's content.

Note that at no point in this opening code block is the value of any of the API secrets revealed. Our `user_id`, `api_key`, and `api_url` have remained in a `.env` file on the local drive, so the code itself gives nothing away to anybody trying to gain illegitimate access to this Krixik account.
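The claim above can be checked before sharing a project. The following is an added example, not code from Krixik or python-dotenv: it confirms that `.gitignore` names `.env` and that no value defined in `.env` appears literally in any other file, including saved notebook outputs. Assumptions: `parse_env` is a simplified stand-in for python-dotenv's parser, the function names are hypothetical, and the demo project is constructed from the placeholder values shown earlier.

```python
import tempfile
from pathlib import Path

def parse_env(text):
    """Minimal KEY=VALUE parser (assumption: no multiline values or interpolation)."""
    secrets = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        secrets[key.strip()] = value.strip().strip("'\"")
    return secrets

def gitignore_covers_env(gitignore_text):
    """True if a .gitignore line names .env (simple check, not full gitignore matching)."""
    patterns = {line.strip() for line in gitignore_text.splitlines()}
    return bool(patterns & {".env", "/.env", "*.env", ".env*"})

def find_leaks(project_dir, env_name=".env", min_len=8):
    """Return sorted (relative_path, variable_name) pairs where a secret value appears literally."""
    root = Path(project_dir)
    secrets = parse_env((root / env_name).read_text())
    leaks = []
    for path in root.rglob("*"):
        if not path.is_file() or path.name == env_name or ".git" in path.parts:
            continue
        text = path.read_text(errors="ignore")
        for name, value in secrets.items():
            # skip very short values, which would match by coincidence
            if len(value) >= min_len and value in text:
                leaks.append((str(path.relative_to(root)), name))
    return sorted(leaks)

def build_demo_project():
    """Constructed sample: one clean script and one notebook whose output leaked the key."""
    root = Path(tempfile.mkdtemp())
    (root / ".env").write_text(
        "MY_API_KEY=XXab12XX-X12X-X12X-X12X-XXabcd1234XX\n"
        "MY_API_URL=https://abcde12345.execute-api.us-west-2.amazonaws.com/pro\n")
    (root / ".gitignore").write_text("__pycache__/\n.env\n")
    (root / "clean.py").write_text("import os\nkey = os.getenv('MY_API_KEY')\n")
    (root / "leaky.ipynb").write_text('{"outputs": ["XXab12XX-X12X-X12X-X12X-XXabcd1234XX"]}')
    return root

if __name__ == "__main__":
    demo = build_demo_project()
    print(gitignore_covers_env((demo / ".gitignore").read_text()), find_leaks(demo))
```

The notebook is flagged because a printed variable ends up in the saved cell output even though the code cell only contains `os.getenv(...)`.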

This doesn't just apply to Krixik, of course. Environment variables and [python-dotenv](https://pypi.org/project/python-dotenv/) `.env` files are valuable tools for secure Python operation, regardless of what sort of project you're working on.