## Python Environment Variables

**Hiding secret info in Python using environment variables**

    If you’ve worked on software engineering or data science projects that require some form of API keys, you would’ve noticed a flaw in sharing the code online: the secret information will be out there for everyone to see and possibly misuse! A classic example is a pair of a username and a password for a database. We certainly don’t want that to leak. How do we prevent this?
    
**Environment variables are the answer!**

**What is an Environment Variable?**

    An environment variable is a variable whose value is set outside the program, typically through functionality built into the operating system or microservice. An environment variable is made up of a name/value pair, and any number may be created and available for reference at a point in time.
    
    The “environment” in “environment variable” refers to the environment your program is running in (either your computer (local) or server (remote)). As you can guess, an environment variable has something to do with the environment the program is running in. Thus, unlike a variable of a programming language, the environment variable is tied to your environment (of your operating system) and not any particular programming language. Thus, you can reuse them in different languages.
    
[YouTube](https://www.youtube.com/watch?v=5iWhQWVXosU)

**Insecure way of storing secret info in python code**

In [3]:
db_user = 'my_db_user'
db_password = 'my_db_pass_123'

print(db_user)
print(db_password)

my_db_user
my_db_pass_123


**Display current system Environment Variables**

In [1]:
%reset -f
%env

{'HOSTNAME': '73db554b10f2',
 'PYTHON_PIP_VERSION': '19.3.1',
 'HOME': '/root',
 'GPG_KEY': '<hidden>',
 'PYTHON_GET_PIP_URL': 'https://github.com/pypa/get-pip/raw/ffe826207a010164265d9cc807978e3604d18ca0/get-pip.py',
 'PATH': '/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
 'LANG': 'C.UTF-8',
 'PYTHON_VERSION': '3.7.5',
 'PWD': '/',
 'PYTHON_GET_PIP_SHA256': 'b86f36cc4345ae87bfd4f10ef6b2dbfa7a872fbff70608a1e43944d283fd0eee',
 'KERNEL_LAUNCH_TIMEOUT': '40',
 'JPY_PARENT_PID': '6',
 'TERM': 'xterm-color',
 'CLICOLOR': '1',
 'PAGER': 'cat',
 'GIT_PAGER': 'cat',
 'MPLBACKEND': 'module://ipykernel.pylab.backend_inline'}

**Add new environment variable**

    As the environment variable is tied to the environment, creation depends on your operating system and its usage depends on the programming language you want to use it in.

In [6]:
%set_env DB_USER="my_db_user"
%set_env DB_PASS="my_db_pass_123"
%env

env: DB_USER="my_db_user"
env: DB_PASS="my_db_pass_123"


{'HOSTNAME': '73db554b10f2',
 'PYTHON_PIP_VERSION': '19.3.1',
 'HOME': '/root',
 'GPG_KEY': '<hidden>',
 'PYTHON_GET_PIP_URL': 'https://github.com/pypa/get-pip/raw/ffe826207a010164265d9cc807978e3604d18ca0/get-pip.py',
 'PATH': '/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
 'LANG': 'C.UTF-8',
 'PYTHON_VERSION': '3.7.5',
 'PWD': '/',
 'PYTHON_GET_PIP_SHA256': 'b86f36cc4345ae87bfd4f10ef6b2dbfa7a872fbff70608a1e43944d283fd0eee',
 'KERNEL_LAUNCH_TIMEOUT': '40',
 'JPY_PARENT_PID': '6',
 'TERM': 'xterm-color',
 'CLICOLOR': '1',
 'PAGER': 'cat',
 'GIT_PAGER': 'cat',
 'MPLBACKEND': 'module://ipykernel.pylab.backend_inline',
 'DB_USER': '"my_db_user"',
 'DB_PASS': '"my_db_pass_123"'}

In [7]:
import os

db_user = os.environ.get('DB_USER')
db_password = os.environ.get('DB_PASS')

print(db_user)
print(db_password)

"my_db_user"
"my_db_pass_123"


**Adding Environment Variables in Docker Images**

`FROM busybox
ENV foo /bar`

**Environment variables supported in the Dockerfile:**

    Environment variables (declared with the ENV statement) can also be used in certain instructions as variables to be interpreted by the Dockerfile. Escapes are also handled for including variable-like syntax into a statement literally.

Example (parsed representation is displayed after the #):

`FROM busybox
ENV foo /bar
WORKDIR ${foo}   # WORKDIR /bar
ADD . $foo       # ADD . /bar
COPY \$foo /quux # COPY $foo /quux`

* ADD
* COPY
* ENV
* EXPOSE
* FROM
* LABEL
* STOPSIGNAL
* USER
* VOLUME
* WORKDIR

**Example**

`:➜  cat Dockerfile
FROM busybox
ENV foo CaseyBoy
:➜
:➜  docker build -f Dockerfile -t testimage .
:➜
:➜  docker container run --rm -it testimage sh
/ # env
HOSTNAME=a65fe3665224
SHLVL=1
foo=CaseyBoy
HOME=/root
TERM=xterm
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/
:➜
`

**Environment Valriables During Docker Build**

    ARG is for setting environment variables which are used during the docker build process - they are not present in the final image, which is why you don't see them when you use docker run.

    You use ARG for settings that are only relevant when the image is being built, and aren't needed by containers which you run from the image. You can use ENV for evnvironment variables to use during the build and in containers.

Dockerfile:

`FROM ubuntu                                                                                                            
ARG BUILD_TIME=abc                                                                                                     
ENV RUN_TIME=123                                                                                                       
RUN touch /env.txt                                                                                                     
RUN printenv > /env.txt`

    You can override the build arg as you have done with "docker build -t temp --build-arg BUILD_TIME=def ."
    
`> docker run temp cat /env.txt                                                                                         
HOSTNAME=b18b9cafe0e0                                                                                                  
RUN_TIME=123                                                                                                           
HOME=/root                                                                                                             
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin                                                      
BUILD_TIME=def                                                                                                         
PWD=/` 