Python-powered chat apps with Twilio and SendGrid Transcripts
Chapter: Beautiful confirmation emails
Lecture: Storing secrets, secretly

0:00 So we want to get started using sendgrid so we can easily do that.
0:03 We can say
0:05 client = sendgrid.SendGridAPIClient(api_key) and let's see what it takes.
0:11 Oh, it takes the api_key,
0:14 All right, No problem with api_key.
0:17 And let's just put that up here.
0:20 It's going to be a string,
0:21 and it is equal to abu32.
0:22 Wait a minute. Have you heard that you shouldn't put API keys and other secret
0:28 passwords and connection strings and things like that right in your source code?
0:32 But if you ever wondered why,
0:34 I mean, who is this is going to be a private repository?
0:36 Who's going to find it? What's going to happen?
0:39 Well, it turns out that there are all sorts of services that watch things like
GitHub. And if ever there's a glimpse into your repository,
0:47 somehow it became public. Somebody cloned it or accidentally made it public for a moment
0:51 and put it away. Chances are,
0:53 it's too late. Check this site out.
0:55 There's a place or service called shhgit,
0:57 as in, Don't talk about the secrets you can see down here.
1:01 Just secrets being found right away.
1:04 They used to have this in real time.
1:06 I'm not sure if this is actually real time,
1:08 but there was a way to actually see the repositories there a little bit redacted here
1:12 because there was some abuse. This is what it looks like if you subscribe to
the public GitHub feed and you look for the various configuration files and tokens
1:20 and other things that should not be in your code.
1:23 So you really, really don't want these to be found.
1:26 So what are we going to do?
1:27 Well, we're not going to do this.
1:29 Instead, we're going to say that this is none.
1:31 And this is optional, to start out as none,
1:34 but then be something. I'm going to set this up.
1:37 We're also going to do API.
1:40 I call it key_name as well.
1:43 We're not technically going to use the key_name,
1:45 but in the sendgrid dashboard,
1:48 we get to specify key_name,
1:49 and having those next to each other is probably worthwhile for us.
1:53 So how are we going to store our API keys?
1:55 Well, there's all sorts of options.
1:57 Some people put them directly in environment variables,
2:00 in which case they're not as part of your code.
2:02 But you log in to the server and say,
2:04 Give me the sendgrid api key out of the environment. It's easy to do in
2:08 Python. There's other services like cloudy env that actually encrypt and store those.
2:14 You could put an encryption key somewhere on your system and encrypt the keys.
2:17 But what we're gonna do a relatively low effort,
2:20 type of thing. What we're gonna do is we're gonna create a Json file.
2:25 I'll call it something like secrets template.json.
2:29 Why template? Because what we're gonna do is work with a file called secrets.json
2:33 But we're not going to put it into our source code.
2:36 We're going to use this template file as,
2:37 like a hint. So put a little bit of in here and we'll say TODO
2:40 copy this file to secrets.json and set the real values going to make sure
that secrets.json is excluded and gitignored so we never check it in.
2:53 But we're going to have sections on say,
2:55 like, it's sendgrid and over in sendgrid will have secret_key.
3:04 Don't put the real data here.
3:05 This is going in to GitHub and like that,
3:09 we're also gonna need some stuff to talk to Twilio for WhatsApp.
3:12 So we're gonna have other sections throughout this course that we add here.
3:16 But for now, it's going to be this simple version.
3:19 So what I want to do is copy this over to secrets.json and ignore
3:22 it. But the problem is,
if I copy in PyCharm, often
3:26 what will happen is PyCharm says,
3:28 Oh, new document, new file.
3:29 Let's automatically add that to GitHub,
3:30 to be friendly, generally helpful.
Not this time. So I'm going to do it outside of PyCharm and then
3:36 ignore it and then come back.
3:38 And here you can see that secrets.json now exists and that it's this golden
color which in PyCharm means that it's going to be ignored.
3:46 I just copied it over and then added it to the gitignore.
3:50 So what I'm gonna do is go over here and put my API keys into this
file. I'm not going to show you that because they are mine and private.
3:57 You do that for yours and make sure you don't commit it or share it with anyone.