# Generating and Storing API Keys

## Learning Objectives
By the end of this section, you will be able to:
- Understand the difference between User Interfaces (UI) and Application Programming Interfaces (API)
- Generate a free Gemini API key from Google AI Studio
- Store API keys securely using multiple methods in Google Colab
- Choose the right method for different scenarios

## Why This Matters: Real-World AI/RAG/Agentic Applications
**In AI Systems:**
- APIs are the foundation of all AI integrations - they let your code talk to powerful AI models
- API keys provide secure, authenticated access to AI services
- Proper key management prevents unauthorized access and protects your usage limits

**In RAG Pipelines:**
- RAG systems use APIs to send retrieved context + user query to LLMs
- Secure key storage ensures your RAG application runs safely in production

**In Agentic AI:**
- Agents use LLM APIs as their "brain" to make decisions and generate responses
- Multiple agents may need to access the same API with proper authentication

## Prerequisites
- Understanding of variables and strings (Lesson 01)
- A Google account (to get a free Gemini API key)

---

## Instructor Activity 1: Understanding APIs
**Concept**: The difference between User Interfaces (UI) and Programming Interfaces (API)

### UI vs API: What's the Difference?

**User Interface (UI)** - For humans:
- Gmail UI: Click buttons, read emails, type messages
- ChatGPT UI: Type in chat box, see responses
- Google Docs UI: See formatted text, use menus

**Application Programming Interface (API)** - For code:
- Gmail API: Your code reads/sends emails automatically
- OpenAI API: Your code sends questions → receives AI responses
- Gemini API: Your code talks to Google's AI programmatically

**Key Difference:**
- **UI**: Humans interact manually (one at a time)
- **API**: Code automates tasks (thousands at a time)

---

### Example: Email Automation

**Manual (UI):**
1. Open Gmail
2. Read each email
3. Manually reply

**Automated (API):**
```python
emails = gmail_api.get_unread_emails()
for email in emails:
    if "urgent" in email.subject:
        gmail_api.send_reply(email, "I'll respond shortly!")
```

**The API lets you automate what you'd do manually!**

---

### Why API Keys?

**UI Access:** Username + Password  
**API Access:** API Key (like a password for programs)

**API keys:**
- Prove you're authorized
- Track your usage (free tiers have limits)
- Keep your account secure

**Example:**
- ChatGPT website → Login with email/password
- OpenAI API in code → Use API key

---

## Instructor Activity 2: Generating Your Gemini API Key
**Concept**: How to obtain a free API key from Google AI Studio

### Step-by-Step Guide

**Step 1: Access Google AI Studio**
- Go to: https://aistudio.google.com/app/apikey
- Sign in with your Google account

**Step 2: Accept Terms of Service**
- First-time visitors will see a Terms of Service pop-up
- Read and click "Accept" or "Continue"

**Step 3: Create API Key**
- Click "Create API key" or "Get API key" button
- Choose "Create key in new project" (recommended for beginners)
- Google automatically creates a Cloud project for you

**Step 4: Copy Your Key**
- Your API key will be generated immediately
- It looks like: `AIzaSyB...` (a long string of random characters)
- Copy it to use in the next section

⚠️ **Security Note:** Treat your API key like a password - don't share it publicly!

---

## Learner Activity 1: Generate Your API Key
**Practice**: Get your own Gemini API key

### Exercise: Create Your API Key

**Task**: Follow the steps above and generate your own Gemini API key

**Checklist:**
- [ ] Visited https://aistudio.google.com/app/apikey
- [ ] Signed in with Google account
- [ ] Accepted Terms of Service
- [ ] Created API key in new project
- [ ] Copied the key (starts with `AIzaSy...`)

**Keep your key ready** - you'll use it in the activities below!

---

## Instructor Activity 3: Storing API Keys in Google Colab
**Concept**: Different methods to store and use API keys securely

### Method 1: Direct Variable Assignment (❌ Not Recommended)

**How it works:**

In [None]:
# Method 1: Direct assignment
google_api_key = "AIzaSyB1234567890..."  # ⚠️ DANGER!
print("API key stored in variable")

**Why this works:**
- Simple - just assigns the key to a variable
- Immediate - no extra steps needed

**Why you shouldn't do this:**
- ❌ Key is visible in your notebook
- ❌ Anyone who sees your screen gets your key
- ❌ If you share notebook, key is included
- ❌ If you save to GitHub, key becomes public

**Result:** Someone could steal your key and use YOUR free quota!

---

### Method 2: Colab Secrets (✅ Recommended for Colab)

**How it works:**

In [None]:
# Method 2: Colab Secrets
from google.colab import userdata

google_api_key = userdata.get('GOOGLE_API_KEY')
print("✅ API key loaded from Colab Secrets")

**Setup steps:**
1. Click the 🔑 icon in the left sidebar (Secrets section)
2. Click "Add new secret"
3. Name: `GOOGLE_API_KEY`
4. Value: Paste your actual API key
5. Toggle on "Notebook access"

**Why this works:**
- Keys stay encrypted on Google's servers
- Not visible in your notebook code
- Safe to share notebooks
- Safe to share screenshots

**Best for:** Working in Colab when you might share your notebook

---

### Method 3: Getpass (✅ Good for Interactive Use)

**How it works:**

In [None]:
# Method 3: Getpass
from getpass import getpass

google_api_key = getpass("Enter your Gemini API key: ")
print("✅ API key entered securely")

**Why this works:**
- `getpass` hides what you type (like password fields)
- Input is not stored in notebook
- Safe to share notebooks

**Limitation:**
- You'll need to re-enter the key every time you restart your runtime

**Best for:** One-off use, learning exercises, sharing notebooks

---

### Method 4: Environment Variables (✅ Professional Approach)

**How it works:**

In [None]:
# Method 4: Environment Variables
import os
from getpass import getpass

# Set environment variable (hidden input)
os.environ["GOOGLE_API_KEY"] = getpass("Enter GOOGLE_API_KEY: ")

# Verify it's set
if "GOOGLE_API_KEY" in os.environ:
    print("✅ API key stored in environment variable")
else:
    print("❌ API key not found")

**What's `os.environ`?**
- A dictionary of environment variables (key-value pairs)
- Lives at the operating system level, not just in Python
- Accessible system-wide to any process

**Environment Variables vs Regular Variables:**

```python
# Regular variable - only your Python code can see it
api_key = "abc123"

# Environment variable - any process can access it
os.environ["API_KEY"] = "abc123"
```

**Why use environment variables?**
- Standard location where libraries automatically look for config
- Child processes inherit them automatically
- Makes your code more portable
- Professional pattern everyone uses

**Example - automatic detection:**
```python
import openai
# Automatically finds OPENAI_API_KEY in os.environ
# No need to pass api_key parameter everywhere!
```

**Accessing environment variables:**

In [None]:
# Get key (returns None if missing)
key = os.environ.get("GOOGLE_API_KEY")

# Get key (raises error if missing)
key = os.environ["GOOGLE_API_KEY"]

print(f"Key exists: {key is not None}")

**Important Note:**
- In Colab, environment variables only last for your current runtime session
- When runtime restarts, they're gone (just like regular variables)
- For persistent storage in Colab, use Method 2 (Colab Secrets)

**Best for:** Production applications, following industry standards

---

## Learner Activity 2: Practice Storing API Keys
**Practice**: Try different methods to store your API key

### Exercise 1: Use Getpass Method

**Task**: Store your API key using the getpass method

**Expected Output**:
```
Enter your Gemini API key: ········
✅ API key stored securely!
Key length: 39 characters
```

**Hint**: Import getpass, prompt for input, store in variable, print confirmation

In [None]:
# Your code here

<details>
<summary>Solution</summary>

```python
from getpass import getpass

# Get API key securely (typing is hidden)
api_key = getpass("Enter your Gemini API key: ")

# Confirm it's stored
print("✅ API key stored securely!")
print(f"Key length: {len(api_key)} characters")
```

**Why this works:**
- `from getpass import getpass` → Imports the secure input function
- `getpass("Enter...")` → Prompts for input but hides what you type (shows dots or nothing)
- `api_key` variable stores the hidden input
- `len(api_key)` → Gets length without revealing the actual key
- Your key remains secure - not visible in the notebook!

</details>

---

### Exercise 2: Use Environment Variables

**Task**: Store your API key as an environment variable and verify it's accessible

**Expected Output**:
```
Enter GOOGLE_API_KEY: ········
✅ Environment variable set successfully
✅ Key can be retrieved: True
```

**Hint**: Use `os.environ` to set the variable, then check if it exists using `in` operator

In [None]:
# Your code here

<details>
<summary>Solution</summary>

```python
import os
from getpass import getpass

# Set environment variable with hidden input
os.environ["GOOGLE_API_KEY"] = getpass("Enter GOOGLE_API_KEY: ")
print("✅ Environment variable set successfully")

# Verify it's accessible
can_retrieve = "GOOGLE_API_KEY" in os.environ
print(f"✅ Key can be retrieved: {can_retrieve}")

# Optionally retrieve it (without printing the actual key)
retrieved_key = os.environ.get("GOOGLE_API_KEY")
print(f"Retrieved key length: {len(retrieved_key) if retrieved_key else 0}")
```

**Why this works:**
- `import os` → Gives access to operating system functions
- `os.environ["GOOGLE_API_KEY"] = ...` → Sets an environment variable (like a system-wide variable)
- `"GOOGLE_API_KEY" in os.environ` → Checks if the variable exists (returns True/False)
- `os.environ.get("GOOGLE_API_KEY")` → Retrieves the value safely (returns None if missing)
- Many AI libraries automatically look for `GOOGLE_API_KEY` in environment variables!

**Professional tip:** This is the industry-standard way to manage API keys in production applications.

</details>

---

## Optional Extra Practice
**Challenge yourself with these key management scenarios**

### Challenge 1: Setup Colab Secrets

**Task**: Set up and use Colab Secrets (if you're running this in Google Colab)

**Steps:**
1. Click the 🔑 icon in left sidebar
2. Add new secret named `GOOGLE_API_KEY`
3. Paste your API key as the value
4. Enable notebook access
5. Run the code below to test

In [None]:
# Your code here - load from Colab Secrets

<details>
<summary>Solution</summary>

```python
from google.colab import userdata

try:
    # Load API key from Colab Secrets
    api_key = userdata.get('GOOGLE_API_KEY')
    print("✅ API key loaded from Colab Secrets")
    print(f"Key length: {len(api_key)} characters")
except Exception as e:
    print(f"❌ Error: {e}")
    print("Make sure you've added GOOGLE_API_KEY in Colab Secrets (🔑 icon)")
```

**Why this works:**
- `from google.colab import userdata` → Imports Colab's secret management system
- `userdata.get('GOOGLE_API_KEY')` → Retrieves the secret you stored in Colab
- Secrets are encrypted and never appear in your notebook
- This is the MOST secure way to use API keys in Google Colab!
- Your notebook remains shareable without exposing your key

**Note:** This only works in Google Colab, not in local Jupyter notebooks.

</details>

---

### Challenge 2: Build a Key Validator

**Task**: Create a program that:
1. Prompts for an API key using getpass
2. Checks if it starts with "AIzaSy" (valid Gemini key format)
3. Checks if length is reasonable (should be 39 characters)
4. Prints validation results

**Expected Output**:
```
Enter your API key: ········
✅ Format: Valid (starts with AIzaSy)
✅ Length: Valid (39 characters)
✅ Key appears to be valid!
```

In [None]:
# Your code here

<details>
<summary>Solution</summary>

```python
from getpass import getpass

# Get API key
api_key = getpass("Enter your API key: ")

# Validate format
valid_format = api_key.startswith("AIzaSy")
print(f"{'✅' if valid_format else '❌'} Format: {'Valid' if valid_format else 'Invalid'} (should start with AIzaSy)")

# Validate length
valid_length = len(api_key) == 39
print(f"{'✅' if valid_length else '❌'} Length: {'Valid' if valid_length else 'Invalid'} ({len(api_key)} characters, should be 39)")

# Overall validation
if valid_format and valid_length:
    print("✅ Key appears to be valid!")
else:
    print("❌ Key validation failed. Double-check your API key.")
```

**Why this works:**
- `api_key.startswith("AIzaSy")` → Checks if string begins with specific characters
- `len(api_key) == 39` → Verifies the key has the expected length
- Uses conditional expressions to show ✅ or ❌
- This is basic validation - doesn't check if the key actually works (that requires an API call)

**Real-world use:** Production applications validate inputs before making API calls to catch errors early!

</details>

---

### Challenge 3: Compare All Methods

**Task**: Create a summary comparing all four methods of storing API keys

For each method, print:
- Method name
- Security level (Low/Medium/High)
- Best use case
- One pro and one con

**Hint**: Use print statements and string formatting

In [None]:
# Your code here

<details>
<summary>Solution</summary>

```python
print("API Key Storage Methods Comparison\n")
print("=" * 50)

# Method 1
print("\n1. Direct Variable Assignment")
print("   Security: ❌ Low")
print("   Best for: Never use in real projects")
print("   Pro: Simplest to implement")
print("   Con: Key is visible in notebook")

# Method 2
print("\n2. Colab Secrets")
print("   Security: ✅ High")
print("   Best for: Working in Google Colab")
print("   Pro: Encrypted, persistent, safe to share notebooks")
print("   Con: Only works in Colab, not local Jupyter")

# Method 3
print("\n3. Getpass")
print("   Security: ✅ High")
print("   Best for: Learning, one-off use, sharing notebooks")
print("   Pro: Hidden input, safe to share")
print("   Con: Must re-enter after runtime restart")

# Method 4
print("\n4. Environment Variables")
print("   Security: ✅ High")
print("   Best for: Production apps, following industry standards")
print("   Pro: Professional pattern, auto-detected by libraries")
print("   Con: Session-only in Colab (not persistent)")

print("\n" + "=" * 50)
print("\n📌 Recommendation: Use Colab Secrets (Method 2) for most Colab work!")
```

**Why this works:**
- Organizes information clearly using formatted output
- Uses visual indicators (✅/❌) for quick understanding
- Provides a comparison framework you can adapt for any decision-making
- Shows how to present technical information professionally

**Real-world use:** Security documentation often includes comparison tables like this to help developers choose the right approach!

</details>

---

## Summary: What You've Learned

✅ **Understanding APIs**
- Difference between UI (for humans) and API (for code)
- Why API keys are needed for authentication

✅ **Generating API Keys**
- How to get a free Gemini API key from Google AI Studio
- Where to find and copy your key

✅ **Storing API Keys Securely**
- Method 1: Direct assignment (❌ never use)
- Method 2: Colab Secrets (✅ best for Colab)
- Method 3: Getpass (✅ good for learning/sharing)
- Method 4: Environment variables (✅ professional standard)

**Next Steps:**
- **Lesson 02.02**: Use your API key to build AI-powered applications!
- Learn the 5-step process to call AI APIs
- Build your first interactive AI program

---

🔐 **Remember:** Keep your API keys secure - they're like passwords for your code!

Ready to build AI applications? See you in the next lesson! 🚀