[DEVEDSB-22] Replace SID placeholders with env vars (TwilioDevEd#848)

* Replace sid placeholders with env vars on .js files

* Replace sid placeholders with env vars on .cs files

* Replace sid placeholders with env vars on .php files

* Replace sid placeholders with env vars on .rb files

* Replace sid placeholders with env vars on .py files

* [DEVEDSB-22] Use environment variables for credentials in Java snippets

* Replace missing placeholders

Co-authored-by: Maylon Pedroso <mpedroso@stackbuilders.com>

Author: mmena1

README.md

@@ -3,30 +3,36 @@
 
 ## Guidelines
 
-1. Snippets should use placeholders for user information in a format that
-   resembles the original value. For example:
-
+1. Snippets should use environmental variables to store user account information
+   instead of placeholders. For example (in NodeJS):
    ```
-   Account SID: ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-   Call SID:    CAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-   API Key:     SKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+   accountSid = process.env.TWILIO_ACCOUNT_SID
+   ```
+   Instead of:
    ```
+   accountSid = "ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+   ```
+   As the latter impose a high security risk for users who push their own credentials
+   on public repositories.
 
-   **Note:** This is important as Twilio libraries use these values as a part
-   of the URL for API requests. When testing the snippets real requests will
-   be made to a fake server.
+1. Critical user account information that should be stored on environmental variables is:
+    - Account SID
+    - Sub accounts SIDs
+    - Authentication Token
+    - API key SID
+    - API key Secret
 
-   In the case of phone numbers, the following should be used:
+   Any other information such as Call SID, etc. can have placeholders on them:
 
    ```
-   Destination Phone Number: +15558675310
-   From/Twilio Number: +15017122661
+   Call SID:    CAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    ```
 
-   For auth_token:
+   In the case of phone numbers, the following should be used:
 
    ```
-   Auth Token: your_auth_token
+   Destination Phone Number: +15558675310
+   From/Twilio Number: +15017122661
    ```
 
 1. **Snippet file names are important**. A snippet's file extension is the only

add-ons/lookups/payfone-tcpa-compliance/payfone-tcpa-compliance.3.x.js

@@ -1,6 +1,7 @@
 // Get your Account SID and Auth Token from twilio.com/console
-const accountSid = 'ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
-const authToken = 'your_auth_token';
+// To set up environmental variables, see http://twil.io/secure
+const accountSid = process.env.TWILIO_ACCOUNT_SID;
+const authToken = process.env.TWILIO_AUTH_TOKEN;
 
 // Download the Node.js helper library from twilio.com/docs/libraries/node
 const client = require('twilio')(accountSid, authToken);

add-ons/lookups/payfone-tcpa-compliance/payfone-tcpa-compliance.5.x.cs

@@ -12,8 +12,9 @@ class MainClass
         public static void Main(string[] args)
         {
             // Get your Account SID and Auth Token from twilio.com/console
-            const string accountSid = "ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
-            const string authToken = "your_auth_token";
+            // To set up environmental variables, see http://twil.io/secure
+            const string accountSid = Environment.GetEnvironmentVariable("TWILIO_ACCOUNT_SID");
+            const string authToken = Environment.GetEnvironmentVariable("TWILIO_AUTH_TOKEN");
 
             TwilioClient.Init(accountSid, authToken);
 

add-ons/lookups/payfone-tcpa-compliance/payfone-tcpa-compliance.5.x.php

@@ -6,8 +6,9 @@
 use Twilio\Rest\Client;
 
 // Get your Account SID and Auth Token from twilio.com/console
-$accountSid = "ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
-$authToken = "your_auth_token";
+// To set up environmental variables, see http://twil.io/secure
+$accountSid = getenv('TWILIO_ACCOUNT_SID');
+$authToken = getenv('TWILIO_AUTH_TOKEN');
 
 $client = new Client($accountSid, $authToken);
 

add-ons/lookups/payfone-tcpa-compliance/payfone-tcpa-compliance.5.x.rb

@@ -2,8 +2,9 @@
 require 'twilio-ruby'
 
 # Get your Account SID and Auth Token from twilio.com/console
-account_sid = 'ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
-auth_token = 'your_auth_token'
+# To set up environmental variables, see http://twil.io/secure
+account_sid = ENV['TWILIO_ACCOUNT_SID']
+auth_token = ENV['TWILIO_AUTH_TOKEN']
 
 # Initialize Twilio Client
 @client = Twilio::REST::Client.new(account_sid, auth_token)

add-ons/lookups/payfone-tcpa-compliance/payfone-tcpa-compliance.6.x.py

@@ -1,9 +1,11 @@
 # Download the Python helper library from twilio.com/docs/libraries/python
+import os
 from twilio.rest import Client
 
 # Get your Account SID and Auth Token from twilio.com/console
-account_sid = "ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
-auth_token = "your_auth_token"
+# To set up environmental variables, see http://twil.io/secure
+account_sid = os.environ['TWILIO_ACCOUNT_SID']
+auth_token = os.environ['TWILIO_AUTH_TOKEN']
 client = Client(account_sid, auth_token)
 
 add_ons_data = {"payfone_tcpa_compliance.RightPartyContactedDate": "20160101"}

add-ons/lookups/payfone-tcpa-compliance/payfone-tcpa-compliance.7.x.java

@@ -10,8 +10,9 @@
 public class Example {
 
     // Get your Account SID and Auth Token from twilio.com/console
-    public static final String ACCOUNT_SID = "ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
-    public static final String AUTH_TOKEN = "your_auth_token";
+    // To set up environment variables, see http://twil.io/secure
+    public static final String ACCOUNT_SID = System.getenv("TWILIO_ACCOUNT_SID");
+    public static final String AUTH_TOKEN = System.getenv("TWILIO_AUTH_TOKEN");
 
     public static void main(String[] args) {
         Twilio.init(ACCOUNT_SID, AUTH_TOKEN);

api-auth/api-auth.3.x.js

@@ -1,10 +1,10 @@
 const twilio = require('twilio');
 
-const myAccountSid = 'ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'; // Your Account SID from www.twilio.com/console
-const apiKey = 'SKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'; // You can generate this from www.twilio.com/console/runtime/api-keys/create
-const apiSecret = 'your_api_secret'; // You can generate this from www.twilio.com/console/runtime/api-keys/create
+// To set up environmental variables, see http://twil.io/secure
+const myAccountSid = process.env.TWILIO_ACCOUNT_SID; // Your Account SID from www.twilio.com/console
+const apiKey = process.env.TWILIO_API_KEY; // You can generate this from www.twilio.com/console/runtime/api-keys/create
+const apiSecret = process.env.TWILIO_API_SECRET; // You can generate this from www.twilio.com/console/runtime/api-keys/create
 
-// DANGER! This is insecure. See http://twil.io/secure
 const client = twilio(apiKey, apiSecret, { accountSid: myAccountSid });
 
 // Proof request to check credentials are working.

api-auth/api-auth.5.x.cs

@@ -7,11 +7,11 @@ class Program
 {
     static void Main(string[] args)
     {
-        const string accountSid = "ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"; // Your Account Sid from twilio.com/user/account
-        const string apiKey = "SKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"; // You can generate this from www.twilio.com/console/runtime/api-keys/create
-        const string apiSecret = "your_api_secret"; // You can generate this from www.twilio.com/console/runtime/api-keys/create
+        // To set up environmental variables, see http://twil.io/secure
+        const string accountSid = Environment.GetEnvironmentVariable("TWILIO_ACCOUNT_SID");
+        const string apiKey = Environment.GetEnvironmentVariable("TWILIO_API_KEY"); // You can generate this from www.twilio.com/console/runtime/api-keys/create
+        const string apiSecret = Environment.GetEnvironmentVariable("TWILIO_API_SECRET"); // You can generate this from www.twilio.com/console/runtime/api-keys/create
 
-        // DANGER! This is insecure. See http://twil.io/secure
         TwilioClient.Init(apiKey, apiSecret, accountSid);
 
         // Proof request to check credentials are working.

api-auth/api-auth.5.x.php

@@ -2,9 +2,10 @@
 require_once './vendor/autoload.php'; // Loads the library
 use Twilio\Rest\Client;
 
-$sid = "ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"; // Your Account Sid from twilio.com/user/account
-$api_key = "SKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"; // You can generate this from www.twilio.com/console/runtime/api-keys/create
-$api_secret = "your_api_secret"; // You can generate this from www.twilio.com/console/runtime/api-keys/create
+// To set up environmental variables, see http://twil.io/secure
+$sid = getenv('TWILIO_ACCOUNT_SID'); // Your Account Sid from twilio.com/user/account
+$api_key = getenv('TWILIO_API_KEY'); // You can generate this from www.twilio.com/console/runtime/api-keys/create
+$api_secret = getenv('TWILIO_API_KEY_SECRET'); // You can generate this from www.twilio.com/console/runtime/api-keys/create
 
 // DANGER! This is insecure. See http://twil.io/secure
 $client = new Client($api_key, $api_secret, $sid);

api-auth/api-auth.5.x.rb

@@ -1,8 +1,9 @@
 require 'twilio-ruby'
 
-account_sid = "ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"  # Your Account SID from www.twilio.com/console
-api_key = "SKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"  # You can generate this from www.twilio.com/console/runtime/api-keys/create
-api_secret = "your_api_secret"  # You can generate this from www.twilio.com/console/runtime/api-keys/create
+# To set up environmental variables, see http://twil.io/secure
+account_sid = ENV['TWILIO_ACCOUNT_SID']  # Your Account SID from www.twilio.com/console
+api_key = ENV['TWILIO_API_KEY']  # You can generate this from www.twilio.com/console/runtime/api-keys/create
+api_secret = ENV['TWILIO_API_KEY_SECRET']  # You can generate this from www.twilio.com/console/runtime/api-keys/create
 
 # DANGER! This is insecure. See http://twil.io/secure
 @client = Twilio::REST::Client.new api_key, api_secret, account_sid

api-auth/api-auth.6.x.py

@@ -1,8 +1,10 @@
+import os
 from twilio.rest import Client
 
-account_sid = "ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"  # Your Account SID from www.twilio.com/console
-api_key = "SKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"  # You can generate this from www.twilio.com/console/runtime/api-keys/create
-api_secret = "your_api_secret"  # You can generate this from www.twilio.com/console/runtime/api-keys/create
+# To set up environmental variables, see http://twil.io/secure
+account_sid = os.environ['TWILIO_ACCOUNT_SID']  # Your Account SID from www.twilio.com/console
+api_key = os.environ['TWILIO_API_KEY']  # You can generate this from www.twilio.com/console/runtime/api-keys/create
+api_secret = os.environ['TWILIO_API_KEY_SECRET']  # You can generate this from www.twilio.com/console/runtime/api-keys/create
 
 # DANGER! This is insecure. See http://twil.io/secure
 client = Client(api_key, api_secret, account_sid)

api-auth/api-auth.7.x.java

@@ -3,14 +3,14 @@
 import com.twilio.rest.api.v2010.Account;
 
 public class Example {
-    // Find your Account Sid at twilio.com/user/account
-    public static final String ACCOUNT_SID = "ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
+    // Find your Account Sid at twilio.com/account
+    // To set up environment variables, see http://twil.io/secure
+    public static final String ACCOUNT_SID = System.getenv("TWILIO_ACCOUNT_SID");
     // You can generate these from www.twilio.com/console/runtime/api-keys/create
-    public static final String API_KEY = "SKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
-    public static final String API_SECRET = "your_api_secret";
+    public static final String API_KEY = System.getenv("TWILIO_API_KEY");
+    public static final String API_SECRET = System.getenv("TWILIO_API_SECRET");
 
     public static void main(String[] args) {
-        // DANGER! This is insecure. See http://twil.io/secure
         Twilio.init(API_KEY, API_SECRET, ACCOUNT_SID);
 
         // Proof request to check credentials are working.

client/capability-token-2way/capability-token.3.x.js

@@ -8,11 +8,12 @@ app.use(bodyParser.urlencoded({ extended: false }));
 
 app.get('/token', (req, res) => {
   // put your Twilio API credentials here
-  const accountSid = 'ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
-  const authToken = 'your_auth_token';
+  // To set up environmental variables, see http://twil.io/secure
+  const accountSid = process.env.TWILIO_ACCOUNT_SID;
+  const authToken = process.env.TWILIO_AUTH_TOKEN;
 
   // put your Twilio Application Sid here
-  const appSid = 'APXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
+  const appSid = process.env.TWILIO_APP_SID;
 
   const capability = new ClientCapability({
     accountSid: accountSid,

client/capability-token-2way/capability-token.5.x.cs

@@ -1,6 +1,7 @@
 // In Package Manager, run:
 // Install-Package Twilio.Client -Pre
 
+using System;
 using System.Collections.Generic;
 using System.Web.Mvc;
 using Twilio.Jwt;
@@ -12,11 +13,12 @@ public class TokenController : Controller
     public ActionResult Index()
     {
         // put your Twilio API credentials here
-        const string accountSid = "ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
-        const string authToken = "your_auth_token";
+        // To set up environmental variables, see http://twil.io/secure
+        const string accountSid = Environment.GetEnvironmentVariable("TWILIO_ACCOUNT_SID");
+        const string authToken = Environment.GetEnvironmentVariable("TWILIO_AUTH_TOKEN");
 
         // put your Twilio Application SID here
-        const string appSid = "APXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
+        const string appSid = Environment.GetEnvironmentVariable("TWILIO_APP_SID");
 
         var scopes = new HashSet<IScope>
         {

client/capability-token-2way/capability-token.5.x.php

@@ -4,8 +4,9 @@
 use Twilio\Jwt\ClientToken;
 
 // put your Twilio API credentials here
-$accountSid = 'ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
-$authToken  = 'your_auth_token';
+// To set up environmental variables, see http://twil.io/secure
+$accountSid = getenv('TWILIO_ACCOUNT_SID');
+$authToken  = getenv('TWILIO_AUTH_TOKEN');
 $appSid = 'APXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
 
 $capability = new ClientToken($accountSid, $authToken);

client/capability-token-2way/capability-token.5.x.rb

@@ -2,8 +2,9 @@
 require 'sinatra'
 
 get '/token' do
-  account_sid = 'ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
-  auth_token = 'your_auth_token'
+# To set up environmental variables, see http://twil.io/secure
+  account_sid = ENV['TWILIO_ACCOUNT_SID']
+  auth_token = ENV['TWILIO_AUTH_TOKEN']
   capability = Twilio::JWT::ClientCapability.new(account_sid, auth_token)
 
   # Create an application sid at

client/capability-token-2way/capability-token.6.x.py

@@ -1,3 +1,4 @@
+import os
 from flask import Flask, Response, request
 from twilio.jwt.client import ClientCapabilityToken
 
@@ -9,8 +10,9 @@ def get_capability_token():
     """Respond to incoming requests."""
 
     # Find these values at twilio.com/console
-    account_sid = 'ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
-    auth_token = 'your_auth_token'
+# To set up environmental variables, see http://twil.io/secure
+    account_sid = os.environ['TWILIO_ACCOUNT_SID']
+    auth_token = os.environ['TWILIO_AUTH_TOKEN']
 
     capability = ClientCapabilityToken(account_sid, auth_token)
 

client/capability-token-2way/capability-token.7.x.java

@@ -13,14 +13,15 @@
 
 public class TwilioServlet extends HttpServlet {
 
-  public static final String ACCOUNT_SID = "ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
-  public static final String AUTH_TOKEN = "your_auth_token";
+  // Get your Account SID and Auth Token from https://twilio.com/console
+  // To set up environment variables, see http://twil.io/secure
+  public static final String ACCOUNT_SID = System.getenv("TWILIO_ACCOUNT_SID");
+  public static final String AUTH_TOKEN = System.getenv("TWILIO_AUTH_TOKEN");
+  // Find an application Sid from twilio.com/user/account/apps
+  public static final String APP_SID = System.getenv("TWILIO_APP_SID");
 
   public void service(HttpServletRequest request, HttpServletResponse response) throws IOException {
-    // Find an application Sid from twilio.com/user/account/apps
-    String applicationSid = "APXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
-
-    OutgoingClientScope outgoingScope = new OutgoingClientScope.Builder(applicationSid).build();
+    OutgoingClientScope outgoingScope = new OutgoingClientScope.Builder(APP_SID).build();
     IncomingClientScope incomingScope = new IncomingClientScope(request.getParameter("ClientName"));
 
     List<Scope> scopes = Lists.newArrayList(outgoingScope, incomingScope);

client/capability-token-expires/capability-token-expires.6.x.py

@@ -1,5 +1,7 @@
+import os
 from twilio.jwt.client import ClientCapabilityToken
 
-account_sid = 'ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
-auth_token = 'your_auth_token'
+# To set up environmental variables, see http://twil.io/secure
+account_sid = os.environ['TWILIO_ACCOUNT_SID']
+auth_token = os.environ['TWILIO_AUTH_TOKEN']
 token = ClientCapabilityToken(account_sid, auth_token).to_jwt(ttl=600)

client/capability-token-incoming/capability-token.3.x.js

@@ -6,8 +6,9 @@ const app = express();
 
 app.get('/token', (req, res) => {
   // put your Twilio API credentials here
-  const accountSid = 'ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
-  const authToken = 'your_auth_token';
+  // To set up environmental variables, see http://twil.io/secure
+  const accountSid = process.env.TWILIO_ACCOUNT_SID;
+  const authToken = process.env.TWILIO_AUTH_TOKEN;
 
   const capability = new ClientCapability({
     accountSid: accountSid,

client/capability-token-incoming/capability-token.5.x.cs

@@ -1,6 +1,7 @@
 // In Package Manager, run:
 // Install-Package Twilio.Client -Pre
 
+using System;
 using System.Collections.Generic;
 using System.Web.Mvc;
 using Twilio.Jwt;
@@ -12,8 +13,9 @@ public class TokenController : Controller
     public ActionResult Index()
     {
         // Put your Twilio API credentials here
-        const string accountSid = "ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
-        const string authToken = "your_auth_token";
+        // To set up environmental variables, see http://twil.io/secure
+        const string accountSid = Environment.GetEnvironmentVariable("TWILIO_ACCOUNT_SID");
+        const string authToken = Environment.GetEnvironmentVariable("TWILIO_AUTH_TOKEN");
 
         var scopes = new HashSet<IScope>
         {

client/capability-token-incoming/capability-token.5.x.php

@@ -4,8 +4,9 @@
 use Twilio\Jwt\ClientToken;
 
 // put your Twilio API credentials here
-$accountSid = 'ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
-$authToken  = 'your_auth_token';
+// To set up environmental variables, see http://twil.io/secure
+$accountSid = getenv('TWILIO_ACCOUNT_SID');
+$authToken  = getenv('TWILIO_AUTH_TOKEN');
 
 $capability = new ClientToken($accountSid, $authToken);
 $capability->allowClientIncoming("joey");

client/capability-token-incoming/capability-token.5.x.rb

@@ -2,8 +2,9 @@
 require 'sinatra'
 
 get '/token' do
-  account_sid = 'ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
-  auth_token = 'your_auth_token'
+# To set up environmental variables, see http://twil.io/secure
+  account_sid = ENV['TWILIO_ACCOUNT_SID']
+  auth_token = ENV['TWILIO_AUTH_TOKEN']
   capability = Twilio::JWT::ClientCapability.new(account_sid, auth_token)
 
   capability.add_scope(Twilio::JWT::ClientCapability::IncomingClientScope.new('joey'))