# Securing Keys to Access Databases or APIs

## Topics
* Saving key in the environmental variables:
    * When dealing with sensitive information like API keys that you don't want to expose publicly in your GitHub repository, one common approach is to use environment variables. Environment variables are variables that are set outside of the code and can be accessed by the code during runtime.
* Accessing the key
    * During the Docker image build process, Docker itself doesn't directly access environment variables for use within the application code. Instead, Docker can be instructed to set environment variables within the container at runtime, and these variables are accessible by the application running inside the container.
    * Thus, I will let the way to run the python locally here in case you want to access the environment variable. However, when using docker, you would need to expose the key in the docker compose file.
    * If you don't want to expose sensitive information like API keys directly in your Docker Compose file, you can use _Docker secrets_ or external configuration files to securely manage these values.
* (To be continued...) Using Docker Secrets to encrypt the keys

In [1]:
import os

# Get the Yelp API key from the .env file
api_key = os.environ.get("YELP_API_KEY")

if api_key is None:
    print("YELP_API_KEY environment variable is not set!")
    # You can handle this case however you want, such as exiting the program
else:
    headers = {"Authorization": "Bearer {}".format(api_key)}
    params = {"term": "bookstore", 
              "location": "San Francisco"}
    print(api_key)



CSS3DVqbE-UidPxDG9NKUa9B8m_yNfAlXqoAfAANycE663eIVs7lOaAMpnJd2o7m8GCFG7pwAtv2JK45zlZiqQcu-t2cCTmQLQ5o2PmbMlO3P9t_7ghtYfWO2MYwZnYx


In [None]:
# Step by Step for Docker Secrets

# 1) Initialize Docker Swarms
    # Check if you have Docker Swarms
        # cmd (local machine, outside the container) -> docker info
    # Look for the line that says "Swarm: active" under the "Swarm" section. If it says "active," then Docker Swarm is already initialized on your machine.
    # If it says "inactive," Docker Swarm is not initialized. If Swarm is inactive: You need to initialize Docker Swarm.
        # cmd (local machine, outside the container) -> docker swarm init
    # Docker Swarm cannot be initialized within a Dockerfile or Docker Compose file. 
    # Docker Swarm is a separate orchestration tool that needs to be initialized on the Docker host machine itself, not within individual containers or services.
    # The initialization of Docker Swarm is a one-time setup process that is performed on the Docker host machine to prepare it for running services in a Swarm mode.

#2) Create Docker Secrets for each credential
    # Docker Secrets cannot be created directly in the Dockerfile or the Docker Compose file. They must be created manually.
        # cmd (local machine, outside the container):
            # echo "xyz" | docker secret create POSTGRES_USER -
            # echo "xyz" | docker secret create POSTGRES_PASSWORD -
            # echo "xyz" | docker secret create POSTGRES_DB -
            # echo "your_api_key" | docker secret create YOUR_API_KEY_NAME -
    # To check that the credentials were created, do for each one:
        # cmd -> docker secret inspect POSTGRES_USER

# (TO BE CONTINUED)