DEV Community

Cover image for protip: if you are streaming your coding, use OS environment variables to hide your secret keys/tokens
Gene
Gene

Posted on

protip: if you are streaming your coding, use OS environment variables to hide your secret keys/tokens

I, as well as a few friends of mine, like to stream ourselves writing code. This can be an incredibly fun and rewarding experience. However, if you are using certain APIs it is VERY important to keep your API keys / tokens secret!

Keep your secrets

One effective way of ensuring your tokens remain hidden is to use your OS environment (typically shortened to "env") variables and then use an OS library to access those variables.

I will show how to do that here in this article and I will use the Unity game engine with C#/.NET to show you how to hook into them!

Setting up your Environment Variables

Search for "Edit the system environment variables" in the start menu and select the option that comes up
Image description

this should open up System Properties
System Properties

Click "Environment Variables..." at the bottom right this should open up your environment variables, add a variable to the System Variables by selecting "New..."
Env Vars

hint: this is basically a dictionary or hash map. It's a list of key value pairs. so whatever key you give is a string value representing the value. here I have chosen "API_SECRET" with a value of "ITS A SECRET TO EVERYONE"

Once you are done here hit "OK" to save your variable and "OK" to confirm and close out of the Environment Variables screen.

Accessing The Stored Variables

Now it's time to do the fun stuff!

Here I'm going to show how to access the OS environment variables with .NET (C#). However, with a bit of googling you will see that most if not all programming languages have a way to hook into the OS environment variables.

For .NET we can use the System library to grab the values we want.

First make a new C# file in your Unity project and remove the monobehaviour references, we wont need them for this simple script (if you are not doing this in a unity project then ignore the stuff about monobehaviours). I've taken the liberty of posting the code below. Use the Environment.GetEnvironmentVariable() method to grab the token/secret!!!

Microsoft Documentation for Environment Varaibles

using System;

public static class SecretHook
{
    //the environment variable that we have stored for API SECRET
    private static string API_TOKEN =
        Environment.GetEnvironmentVariable(
            "API_SECRET", 
            EnvironmentVariableTarget.Machine
        );

    /// <summary>
    /// getter for api token
    /// </summary>
    /// <returns>returns the api token stored in the environment variable</returns>
    public static string GetApiToken()
    {
        return API_TOKEN;
    }
}
Enter fullscreen mode Exit fullscreen mode

Next, in order to show you all that this solution is working as intended, I coded a button that when pressed reveals the token (obviously you WONT want to reveal the token on your stream so don't do this this is just to show that it does work)...

I created another C# script, and I kept the monobehaviour.

using UnityEngine;
using TMPro;

public class ButtonBehaviour : MonoBehaviour
{
    public TextMeshProUGUI APITokenTextArea;

    public void ClickEventForButton()
    {
        APITokenTextArea.text = SecretHook.GetApiToken();
    }
}
Enter fullscreen mode Exit fullscreen mode

Then I configured the button within Unity

Inspector

here's my hierarchy and scene just in case you need it for reference.

Heirarchy

and finally here is the button before and after I click it when the game is running:

Game View 1

click...

Game View 2

have fun!

and keep your secrets safe!

Top comments (0)