On my last weekend project I needed to talk to an API using an AUTH_KEY which should be private but should be included in the request instead of us...
For further actions, you may consider blocking this person and/or reporting abuse
Thanks for sharing this.
How does this compare to saving the key under environment settings and accessing it via os.environ.get() ?
Am just wondering if it's more secure ?
Thanks
that env vars can be seen (and (personal opinion) I think it's more structured)
noyaml.com
That's true though some of it can be avoided via safe load.
Even if everything works perfectly,
YAML parsers tend to be big bulky and slow compared to parsers of simpler formats,
you can even use CSON if you dont want brackets and semicolons, etc
and still more simpler than YAML to parse.
Pydantic has a nice BaseSetting module that works with environment variables that I would recommend. Combo that with python-dotenv for file based loading.
Why full loader?
Could you add an example of
where we can avoid leaking secrets into git ?