
Hi guys, I'm back!
In the previous episode, we successfully created an interactive chatbot, but one critical thing remains: our API key is still inside our Python file. If we publish our code, or move it to a bigger scale of development or even to production, that is not safe at all. That's why I told you that in the next episode I'd show you how to secure our private things (in this case, the API key).
Now I'm going to show you how to secure your own API key (Nebula API)!
Environment variable
An environment variable is a dynamically named value that can affect the way running processes behave on a computer. Think of them as "global constants" for your operating system’s environment.
Instead of hard-coding a specific file path or a secret API key directly into a program's source code, you store that information in an environment variable. This allows the program to remain generic and adaptable to different computers or users.
Now, the first thing we need is to create a ‘.env’ file, which will contain our Nebula API key:

After we create the .env file, we need to put our Nebula API key inside it. You can simply move the value that contains our key out of this snippet and into that file:
```python
from openai import OpenAI

client = OpenAI(
    api_key="sk-xxxxx",  # the OpenAI client's keyword argument is api_key
    base_url="https://llm.ai-nebula.com/v1"
)
```
We're going to move the key "sk-xxxxx" into the .env file under the name NEBULA_API_KEY, the name the code looks up later (don't forget to remove the double quotes so that the system retrieves the key as a value, not just a string):
How can our program retrieve the Nebula API key?
Now we need to do something so our program can read the Nebula API key inside the .env file.
That's why we need the 'dotenv' and 'os' libraries. The os.getenv bridge: simply having the .env file isn't enough; Python needs that "bridge" command to go and grab the value from the process environment.
So we need two more imports, and it will look like this:

The 'load_dotenv()' function is the most important part, because it loads the variables from our .env file into the environment, where os.getenv() can find them.
Configuring the Client
This is where the "bridge" happens. In the original code, the API key was typed directly into the script, a big security risk! Now, we use os.getenv() to look for the key we saved in our .env file.
Original Code:
```python
client = OpenAI(
    api_key="sk-xxx",  # Hard-coded (Unsafe!)
    base_url="https://llm.ai-nebula.com/v1"
)
```
Secure Code:
```python
client = OpenAI(
    api_key=os.getenv("NEBULA_API_KEY"),  # Read from the environment (loaded from .env)
    base_url="https://llm.ai-nebula.com/v1"
)
```
Enhancing the Chat Loop
Finally, we can add a small confirmation message. While the logic of the while loop remains the same, having the API key stored externally makes the code much cleaner and ready for professional deployment.
```python
print("Chatbot initialized. Type 'exit' to stop.")
while True:
    user_input = input("You: ")
    # ... rest of your logic stays the same!
```
By making these changes, you have successfully:
- Separated Configuration from Code: Your code now tells the computer what to do, while the .env file tells it which credentials to use.
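- Prevented Data Leaks: Even if you share your Python file with a classmate or push it to GitHub, your secret key stays safe on your own machine, as long as the .env file itself is kept out of the repository (for example, by listing it in .gitignore).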
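An added example (not code from the original post): a pre-publish check that .env is listed in .gitignore and that no key literal is left in any .py file, plus a lookup that raises when the variable is missing instead of handing None to the client. The function names, the "sk-" pattern and the sample project are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

# Quoted literal shaped like the "sk-..." keys in this post (assumed format).
HARDCODED_KEY = re.compile(r"""["']sk-[A-Za-z0-9_-]{4,}["']""")

def require_key(name="NEBULA_API_KEY", environ=os.environ):
    """Return the key or fail fast; os.getenv() alone returns None silently."""
    value = environ.get(name, "").strip()
    if not value:
        raise RuntimeError(f"{name} is not set; check .env and load_dotenv()")
    return value

def env_file_ignored(project):
    """True if the project's .gitignore lists .env (literal match only)."""
    gitignore = Path(project) / ".gitignore"
    if not gitignore.is_file():
        return False
    entries = {line.strip() for line in gitignore.read_text().splitlines()}
    return bool(entries & {".env", "/.env", "*.env", ".env*"})

def hardcoded_keys(project):
    """Return (file name, line number) for each key literal left in .py files."""
    hits = []
    for path in sorted(Path(project).rglob("*.py")):
        lines = path.read_text(errors="replace").splitlines()
        hits += [(path.name, n) for n, line in enumerate(lines, 1)
                 if HARDCODED_KEY.search(line)]
    return hits

def demo():
    """Constructed project: one leftover hard-coded key, .env not yet ignored."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, ".env").write_text("NEBULA_API_KEY=sk-xxxxx\n")
        Path(root, "old_bot.py").write_text('client = OpenAI(\n    api_key="sk-xxxxx",\n)\n')
        Path(root, "bot.py").write_text('api_key=os.getenv("NEBULA_API_KEY")\n')
        before = (env_file_ignored(root), hardcoded_keys(root))
        Path(root, ".gitignore").write_text(".env\n")
        after = env_file_ignored(root)
    return before, after

if __name__ == "__main__":
    print(demo())
```

In the chatbot script, `require_key()` would be called after `load_dotenv()` and its result passed to the client in place of the bare `os.getenv(...)` call.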
Now all we need to do is test whether these changes work.
As you guys can see, the changes are a success and the program runs smoothly without any problems. With these changes in place, we can continue developing our program into the next stage without worrying about our security.
And for you guys who want to build a chatbot or even other things with AI, you can check NEBULA LAB here:
There's much more than just an API KEY FOR ALL MODELS. They also have tons of other features, such as marketing, etc.


