# Environment Variables Demo - Accidental Secret Exposure

This notebook demonstrates **good practice** (reading from env files) but shows how secrets can accidentally leak through print statements.

⚠️ **This shows what happens when debugging code exposes secrets in output cells**

In [None]:
import os
import requests  # needed by the API call in the error-handling cell

In [None]:
# Good practice: Read API keys from environment
openai_key = os.getenv('OPENAI_API_KEY')
stripe_key = os.getenv('STRIPE_SECRET_KEY')
github_token = os.getenv('GITHUB_TOKEN')

print("API keys loaded from environment:")
print(f"OpenAI key length: {len(openai_key) if openai_key else 0}")
print(f"Stripe key length: {len(stripe_key) if stripe_key else 0}")
print(f"GitHub token length: {len(github_token) if github_token else 0}")

In [None]:
# 🚨 MISTAKE: Accidentally printing secrets while debugging
print("\n=== DEBUG INFO (OOPS!) ===")
print(f"OpenAI API Key: {openai_key}")  # This will expose the secret!
print(f"Stripe Secret: {stripe_key}")   # This will expose the secret!
print(f"GitHub Token: {github_token}")  # This will expose the secret!

# This kind of debugging output is common but dangerous
print("\nAll environment variables:")
for key, value in os.environ.items():
    if 'API' in key or 'SECRET' in key or 'TOKEN' in key or 'KEY' in key:
        print(f"{key}={value}")  # Exposing multiple secrets!

In [None]:
# Another common mistake: Error handling that exposes secrets
try:
    response = requests.get(
        "https://api.openai.com/v1/models",
        headers={"Authorization": f"Bearer {openai_key}"}
    )
    print(f"API call successful: {response.status_code}")
except Exception as e:
    # Bad: This might print the full request including headers with secrets
    print(f"Error occurred: {e}")
    print(f"Request headers: {{'Authorization': 'Bearer {openai_key}'}}")
    print(f"Full API key for debugging: {openai_key}")

## What went wrong?

Even though this notebook follows best practices by:
- ✅ Reading secrets from environment variables
- ✅ Not hardcoding secrets in the source code

It still exposes secrets through:
- 🚨 Debug print statements
- 🚨 Error handling that logs sensitive data
- 🚨 Output cells containing the actual secret values

**This is why `nbstripout` is important** - it strips the output cells from a notebook, so secret values printed there are not committed along with it!
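To check a saved notebook for the leaks listed above, the following added example (not part of the original notebook, and not `nbstripout`'s own code) scans the output cells of an nbformat 4 notebook for known secret values and shows that clearing outputs removes them. The sample notebook, the fake key and the function names `find_leaks` and `strip_outputs` are constructed for illustration.

```python
import json

# Constructed sample: a fake secret and a minimal nbformat-4 notebook dict.
FAKE_KEY = "sk-test-CONSTRUCTED-0000"
SAMPLE_NB = {
    "nbformat": 4, "nbformat_minor": 5, "metadata": {},
    "cells": [
        {"cell_type": "code", "execution_count": 1,
         "source": ["import os"], "outputs": []},
        {"cell_type": "code", "execution_count": 2,
         "source": ["print(f\"OpenAI API Key: {openai_key}\")"],
         "outputs": [{"output_type": "stream", "name": "stdout",
                      "text": [f"OpenAI API Key: {FAKE_KEY}\n"]}]},
        {"cell_type": "code", "execution_count": 3, "source": ["1/0"],
         "outputs": [{"output_type": "error", "ename": "ZeroDivisionError",
                      "evalue": "division by zero",
                      "traceback": [f"Bearer {FAKE_KEY}"]}]},
    ],
}

def _output_text(output):
    """Flatten one output object (stream, error or rich result) to text."""
    parts = [output.get("text", ""), output.get("evalue", ""),
             output.get("traceback", []), *output.get("data", {}).values()]
    return "".join("".join(p) if isinstance(p, list) else str(p) for p in parts)

def find_leaks(nb, secrets):
    """Return (cell_index, secret_name) for each secret value found in outputs."""
    hits = []
    for i, cell in enumerate(nb["cells"]):
        text = "".join(_output_text(o) for o in cell.get("outputs", []))
        # Skip empty values: an unset variable would match every cell.
        hits += [(i, n) for n, v in secrets.items() if v and v in text]
    return hits

def strip_outputs(nb):
    """Return a deep copy with code-cell outputs and execution counts cleared."""
    clean = json.loads(json.dumps(nb))
    for cell in clean["cells"]:
        if cell["cell_type"] == "code":
            cell["outputs"], cell["execution_count"] = [], None
    return clean

if __name__ == "__main__":
    secrets = {"OPENAI_API_KEY": FAKE_KEY}
    print("before:", find_leaks(SAMPLE_NB, secrets))
    print("after: ", find_leaks(strip_outputs(SAMPLE_NB), secrets))
```

Clearing outputs leaves the `print` calls in the cell source, so re-running the notebook writes the secrets back into its outputs.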