Skip to content

Embed credentials and secrets

Generally it is not a good idea to store passwords or authentication variables in your source code.

Take for example the following code snippet, I want to set up a database connection using my favorite database library.

import bestdblib

bestdblib.connect("", "bestpassword")

This works of course, and you could add this to a UbiOps deployment. The big problem is that it will expose the password to everyone with access to the source code or access to the deployment file.

Well we can do something different by using environment variables. These variables are available during runtime and can be accessed by the deployment when needed. Basically, we can use environment variables as a simple form of password manager.

We have to change the code a bit:

import bestdblib
import os

bestdblib.connect("", os.environ['PASSWORD'])

The change here is that instead of hard coding the password we are using the os package to get an environment variable named PASSWORD.

That environment variable needs to be created, you can read how to do that on UbiOps on our environment variables page.

Locally however it depends on what kind of platform you use and what kind of developing tools you are using. Please refer to the documentation of your specific setup on how to set up environment variables.