{"id":53906,"date":"2025-09-20T17:08:32","date_gmt":"2025-09-20T07:08:32","guid":{"rendered":"https:\/\/www.cloudproinc.com.au\/?p=53906"},"modified":"2025-09-20T17:08:33","modified_gmt":"2025-09-20T07:08:33","slug":"how-to-secure-api-keys-with-python","status":"publish","type":"post","link":"https:\/\/cloudproinc.com.au\/index.php\/2025\/09\/20\/how-to-secure-api-keys-with-python\/","title":{"rendered":"How to Secure API Keys with Python"},"content":{"rendered":"\n<p>In this blog post How to Secure API Keys with Python for Apps and Infrastructure we will walk through practical ways to keep secrets safe from laptop to production.<\/p>\n\n\n\n<!--more-->\n\n\n\n<p>API keys are bearer secrets. Anyone who has the string can act as your application. That makes key security a lifecycle problem: how you store, retrieve, use, log, rotate, and revoke keys. We will start with a high-level view, then move into Python patterns you can deploy today.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-is-happening-under-the-hood\">What is happening under the hood<\/h2>\n\n\n\n<p>Two ideas drive secret security:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Control access to the plaintext key. Store encrypted at rest; decrypt only where needed.<\/li>\n\n\n\n<li>Minimize exposure. Keep keys out of code, VCS history, logs, and crash reports.<\/li>\n<\/ul>\n\n\n\n<p>Technologies involved:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Operating system environment variables and file permissions.<\/li>\n\n\n\n<li>Secret managers (AWS Secrets Manager, GCP Secret Manager, Azure Key Vault) backed by KMS\/HSM for encryption and audit.<\/li>\n\n\n\n<li><a href=\"https:\/\/www.cloudproinc.com.au\/index.php\/category\/python\/\">Python<\/a> libraries: os for env access, python-dotenv for local dev, keyring for OS vaults, cryptography for encryption, boto3\/azure\/gsdk clients for cloud secret retrieval, pydantic for typed config.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-non-negotiables-for-api-key-safety\">Non-negotiables for API key safety<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Never hardcode secrets in source.<\/li>\n\n\n\n<li>Prefer a managed secret store in production.<\/li>\n\n\n\n<li>Load secrets at runtime via environment or files with strict permissions.<\/li>\n\n\n\n<li>Rotate regularly and automate revocation.<\/li>\n\n\n\n<li>Prevent secrets from entering logs, error traces, and analytics.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-baseline-pattern-with-environment-variables\">Baseline pattern with environment variables<\/h2>\n\n\n\n<p>Environment variables are the simplest cross-platform channel for injecting secrets at runtime. They work well with containers, serverless, and CI\/CD.<\/p>\n\n\n\n<pre class=\"wp-block-code has-white-color has-black-background-color has-text-color has-background has-link-color wp-elements-a490ab59e433dc57504941142b9e7a0d\"><code>import os\n\nstripe_key = os.environ&#91;\"STRIPE_API_KEY\"]  # Will raise KeyError if missing\n\n# Use with requests without printing it\nimport requests\nsession = requests.Session()\nsession.headers.update({\"Authorization\": f\"Bearer {stripe_key}\"})<\/code><\/pre>\n\n\n\n<p>Pros: trivial, portable. Cons: discoverable by any process with access to the environment. Combine with least-privilege OS users and masking in logs.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-typed-config-with-pydantic\">Typed config with Pydantic<\/h2>\n\n\n\n<p>Model your config and fail fast when secrets are missing. This avoids scattered os.environ calls.<\/p>\n\n\n\n<pre class=\"wp-block-code has-white-color has-black-background-color has-text-color has-background has-link-color wp-elements-0dd300aa0bde07950eb57018c5c8aefe\"><code>from pydantic import BaseSettings, SecretStr\nfrom dotenv import load_dotenv\n\nload_dotenv()  # For local dev only; not needed in prod\n\nclass Settings(BaseSettings):\n    stripe_api_key: SecretStr\n    database_url: SecretStr\n\n    class Config:\n        env_file = \".env\"  # local override, ignored in prod\n\nsettings = Settings()\nstripe_key = settings.stripe_api_key.get_secret_value()<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-local-development-without-leaks\">Local development without leaks<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Use a .env file; never commit it.<\/li>\n\n\n\n<li>Add .env* to .gitignore.<\/li>\n\n\n\n<li>Use a pre-commit scanner to catch accidental commits.<\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-code has-white-color has-black-background-color has-text-color has-background has-link-color wp-elements-0e7f10c1249cb89fb32e5267e4d7f1af\"><code># .gitignore\n.env\n.env.*\n\n# .pre-commit-config.yaml (example)\nrepos:\n- repo: https:\/\/github.com\/zricethezav\/gitleaks\n  rev: v8.18.3\n  hooks:\n  - id: gitleaks\n<\/code><\/pre>\n\n\n\n<p>For laptops, you can also use the OS keychain.<\/p>\n\n\n\n<pre class=\"wp-block-code has-white-color has-black-background-color has-text-color has-background has-link-color wp-elements-25e5f12a9940d5c704c5b84882f32e48\"><code>import keyring\n\n# Set once (outside your code path)\nkeyring.set_password(\"my-app\", \"stripe\", \"sk_live_...\")\n\n# Retrieve in code\nstripe_key = keyring.get_password(\"my-app\", \"stripe\")<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-production-grade-secret-management\">Production-grade secret management<\/h2>\n\n\n\n<p>In production, rely on a managed secret store. You get encryption-at-rest, IAM, versioning, rotation hooks, and audit trails.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-example-aws-secrets-manager\">Example AWS Secrets Manager<\/h3>\n\n\n\n<pre class=\"wp-block-code has-white-color has-black-background-color has-text-color has-background has-link-color wp-elements-0b66c142235e51c310f642ebbbe884a0\"><code>import os, json, base64\nimport boto3\nfrom botocore.exceptions import ClientError\nfrom functools import lru_cache\n\n@lru_cache(maxsize=64)\ndef get_secret(name: str, region: str | None = None) -> dict:\n    region = region or os.getenv(\"AWS_REGION\", \"ap-southeast-2\")\n    client = boto3.client(\"secretsmanager\", region_name=region)\n    try:\n        resp = client.get_secret_value(SecretId=name)\n    except ClientError as e:\n        raise RuntimeError(f\"Secret fetch failed for {name}\") from e\n\n    payload = resp.get(\"SecretString\") or base64.b64decode(resp&#91;\"SecretBinary\"]).decode()\n    return json.loads(payload)\n\nsecrets = get_secret(\"prod\/app\/stripe\")\nstripe_key = secrets&#91;\"api_key\"]<\/code><\/pre>\n\n\n\n<p>Grant your app role only the specific secret ARN and read-only access. Rotate using AWS tooling, and deploy with versions. Equivalent SDKs exist for Google and Azure.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-gcp-and-azure-shapes\">GCP and Azure shapes<\/h3>\n\n\n\n<pre class=\"wp-block-code has-white-color has-black-background-color has-text-color has-background has-link-color wp-elements-f05b36cd9bdfd58819c4c147401914ea\"><code># GCP\nfrom google.cloud import secretmanager\nclient = secretmanager.SecretManagerServiceClient()\nname = client.secret_version_path(\"project\", \"stripe\", \"latest\")\npayload = client.access_secret_version(request={\"name\": name}).payload.data.decode()\n\n# Azure\nfrom azure.identity import DefaultAzureCredential\nfrom azure.keyvault.secrets import SecretClient\nclient = SecretClient(vault_url=\"https:\/\/&lt;vault>.vault.azure.net\", credential=DefaultAzureCredential())\nstripe_key = client.get_secret(\"stripe-api-key\").value<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-containers-docker-and-kubernetes\">Containers, Docker, and Kubernetes<\/h2>\n\n\n\n<p>With Docker, use built-in secrets to mount files readable only by the container.<\/p>\n\n\n\n<pre class=\"wp-block-code has-white-color has-black-background-color has-text-color has-background has-link-color wp-elements-3cff33f707997f1ddeab0468021bed6e\"><code># docker-compose.yml snippet\nservices:\n  app:\n    secrets:\n      - stripe_api_key\nsecrets:\n  stripe_api_key:\n    file: .\/secrets\/stripe_api_key\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code has-white-color has-black-background-color has-text-color has-background has-link-color wp-elements-1203bad14989003c054b38a9dc7b8e01\"><code># Python\nwith open(\"\/run\/secrets\/stripe_api_key\") as f:\n    stripe_key = f.read().strip()\n<\/code><\/pre>\n\n\n\n<p>In Kubernetes, mount Secrets as volumes or inject as env vars. Prefer volumes for large or structured secrets and to avoid env exposure.<\/p>\n\n\n\n<pre class=\"wp-block-code has-white-color has-black-background-color has-text-color has-background has-link-color wp-elements-abcf9e0344840037df33531e7907fbbd\"><code># Mounted file path defined in your Pod spec\nwith open(\"\/var\/run\/secrets\/stripe\/api_key\") as f:\n    stripe_key = f.read().strip()<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-prevent-secrets-from-leaking-into-logs\">Prevent secrets from leaking into logs<\/h2>\n\n\n\n<p>Never log full tokens. Add a redacting formatter for defense in depth.<\/p>\n\n\n\n<pre class=\"wp-block-code has-white-color has-black-background-color has-text-color has-background has-link-color wp-elements-2d55eedec5da3b7b88073eaa8ef1f730\"><code>import logging, re\n\nTOKEN_PATTERN = re.compile(r\"(sk_live_&#91;A-Za-z0-9]{16,}|Bearer\\s+&#91;A-Za-z0-9._-]+)\")\n\nclass RedactingFormatter(logging.Formatter):\n    def format(self, record):\n        s = super().format(record)\n        return TOKEN_PATTERN.sub(\"&#91;REDACTED]\", s)\n\nlogger = logging.getLogger(\"app\")\nhandler = logging.StreamHandler()\nhandler.setFormatter(RedactingFormatter(\"%(levelname)s %(message)s\"))\nlogger.addHandler(handler)\nlogger.setLevel(logging.INFO)\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-key-rotation-without-drama\">Key rotation without drama<\/h2>\n\n\n\n<p>Rotate on a schedule, not only after incidents. Support overlapping keys so you can phase out old ones.<\/p>\n\n\n\n<pre class=\"wp-block-code has-white-color has-black-background-color has-text-color has-background has-link-color wp-elements-1ae3cc42f139db476a714d79e001758a\"><code>import os, requests\n\nPRIMARY = os.getenv(\"STRIPE_API_KEY_PRIMARY\")\nSECONDARY = os.getenv(\"STRIPE_API_KEY_SECONDARY\")\n\ndef call_api(key: str) -&gt; bool:\n    r = requests.get(\"https:\/\/api.example.com\/ping\", headers={\"Authorization\": f\"Bearer {key}\"})\n    return r.status_code &lt; 500 and r.status_code != 401\n\nfor key in filter(None, &#91;PRIMARY, SECONDARY]):\n    if call_api(key):\n        active_key = key\n        break\nelse:\n    raise RuntimeError(\"No valid key available\")\n<\/code><\/pre>\n\n\n\n<p>During rotation, set SECONDARY to the new key, deploy, confirm traffic works, then swap PRIMARY and remove the old value.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-encrypting-your-own-secret-files\">Encrypting your own secret files<\/h2>\n\n\n\n<p>Prefer managed stores. If you must keep an encrypted blob in Git, use envelope encryption: keep the data encrypted with a data key, and protect that key with a KMS or OS keystore.<\/p>\n\n\n\n<pre class=\"wp-block-code has-white-color has-black-background-color has-text-color has-background has-link-color wp-elements-a275a71c6ca3caf30dbea7ac5a480735\"><code>from cryptography.fernet import Fernet\nimport os\n\n# FERNET_KEY must come from a secure store (not from the repo!)\nfernet = Fernet(os.environ&#91;\"FERNET_KEY\"])  \n\nciphertext = fernet.encrypt(b\"sk_live_...\")\nplaintext = fernet.decrypt(ciphertext)<\/code><\/pre>\n\n\n\n<p>Do not store the encryption key next to the ciphertext. That defeats the purpose.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-ci-cd-hygiene\">CI\/CD hygiene<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Store secrets in your CI provider\u2019s vault and inject as masked environment variables.<\/li>\n\n\n\n<li>Never echo secrets. Mask command output by default.<\/li>\n\n\n\n<li>Use separate secrets per environment and per service account.<\/li>\n\n\n\n<li>Run secret scanners on pull requests and block on findings.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-testing-without-real-keys\">Testing without real keys<\/h2>\n\n\n\n<p>Mock environment variables and secret clients.<\/p>\n\n\n\n<pre class=\"wp-block-code has-white-color has-black-background-color has-text-color has-background has-link-color wp-elements-8607ae942cad5cced19066f0e5a872bc\"><code>import os\nfrom unittest import mock\n\nwith mock.patch.dict(os.environ, {\"STRIPE_API_KEY\": \"test_123\"}):\n    # run unit tests that depend on the key\n    pass<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code has-white-color has-black-background-color has-text-color has-background has-link-color wp-elements-9b3abc1161dc32c1c2818dfe6b95341e\"><code># AWS example with Stubber\nfrom botocore.stub import Stubber\nclient = boto3.client(\"secretsmanager\", region_name=\"ap-southeast-2\")\nstub = Stubber(client)\nstub.add_response(\"get_secret_value\", {\"SecretString\": '{\"api_key\":\"test_123\"}'}, {\"SecretId\": \"prod\/app\/stripe\"})\nstub.activate()<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-common-pitfalls-to-avoid\">Common pitfalls to avoid<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Hardcoding or committing secrets. Even once in history is risky.<\/li>\n\n\n\n<li>Printing keys when debugging. Use redaction or structured logging filters.<\/li>\n\n\n\n<li>Using hashing to \u201cstore\u201d API keys you need to call services. Hashing is one-way; you need the plaintext. Use encryption or a managed secret store.<\/li>\n\n\n\n<li>Sharing one key across multiple services or environments. Use per-service keys with least privilege.<\/li>\n\n\n\n<li>Long-lived keys with no rotation plan.<\/li>\n\n\n\n<li><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-wrap-up\">Wrap-up<\/h2>\n\n\n\n<p>Securing API keys with Python is about discipline and good defaults. Keep secrets out of code, fetch them from a proper store, limit who can read them, and design for rotation. With the patterns above, you can raise your security bar without slowing down delivery.<\/p>\n\n\n\n<ul class=\"wp-block-yoast-seo-related-links yoast-seo-related-links\">\n<li><a href=\"https:\/\/www.cloudproinc.com.au\/index.php\/2025\/06\/27\/how-to-restore-an-azure-vm-os-disk-using-azure-powershell\/\">How to Restore an Azure VM OS Disk Using Azure PowerShell<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.cloudproinc.com.au\/index.php\/2024\/07\/05\/boosting-intune-machine-policy-updates-from-8-hours-to-30-minutes\/\">Boosting Intune Machine Policy Updates from 8 Hours to 30 Minutes<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.cloudproinc.com.au\/index.php\/2025\/09\/14\/mastering-docker-environment-variables-with-docker\/\">Mastering Docker environment variables with Docker<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.cloudproinc.com.au\/index.php\/2025\/04\/18\/adding-environment-variables-to-visual-studio-2022\/\">Adding Environment Variables to Visual Studio 2022<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.cloudproinc.com.au\/index.php\/2025\/09\/15\/build-lean-reliable-net-docker-images-for-production\/\">Build Lean Reliable .NET Docker Images for Production<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Practical patterns to protect API keys in Python. Learn safe storage, retrieval, rotation, and CI\/CD hygiene with code examples and cloud options.<\/p>\n","protected":false},"author":1,"featured_media":53907,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_yoast_wpseo_focuskw":"How to Secure API Keys with Python","_yoast_wpseo_title":"","_yoast_wpseo_metadesc":"Learn how to secure API keys with Python to protect your applications from unauthorized access and maintain confidentiality.","_yoast_wpseo_opengraph-title":"","_yoast_wpseo_opengraph-description":"","_yoast_wpseo_twitter-title":"","_yoast_wpseo_twitter-description":"","_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[13,79],"tags":[],"class_list":["post-53906","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-python"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.4) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>How to Secure API Keys with Python - CPI Consulting<\/title>\n<meta name=\"description\" content=\"Learn how to secure API keys with Python to protect your applications from unauthorized access and maintain confidentiality.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cloudproinc.com.au\/index.php\/2025\/09\/20\/how-to-secure-api-keys-with-python\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Secure API Keys with Python\" \/>\n<meta property=\"og:description\" content=\"Learn how to secure API keys with Python to protect your applications from unauthorized access and maintain confidentiality.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cloudproinc.com.au\/index.php\/2025\/09\/20\/how-to-secure-api-keys-with-python\/\" \/>\n<meta property=\"og:site_name\" content=\"CPI Consulting\" \/>\n<meta property=\"article:published_time\" content=\"2025-09-20T07:08:32+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-09-20T07:08:33+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cloudproinc.com.au\/wp-content\/uploads\/2025\/09\/how-to-secure-api-keys-with-python-for-apps-and-infrastructure.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1536\" \/>\n\t<meta property=\"og:image:height\" content=\"1024\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"CPI Staff\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"CPI Staff\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.cloudproinc.com.au\\\/index.php\\\/2025\\\/09\\\/20\\\/how-to-secure-api-keys-with-python\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.cloudproinc.com.au\\\/index.php\\\/2025\\\/09\\\/20\\\/how-to-secure-api-keys-with-python\\\/\"},\"author\":{\"name\":\"CPI Staff\",\"@id\":\"https:\\\/\\\/cloudproinc.com.au\\\/#\\\/schema\\\/person\\\/192eeeb0ce91062126ce3822ae88fe6e\"},\"headline\":\"How to Secure API Keys with Python\",\"datePublished\":\"2025-09-20T07:08:32+00:00\",\"dateModified\":\"2025-09-20T07:08:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.cloudproinc.com.au\\\/index.php\\\/2025\\\/09\\\/20\\\/how-to-secure-api-keys-with-python\\\/\"},\"wordCount\":738,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/cloudproinc.com.au\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.cloudproinc.com.au\\\/index.php\\\/2025\\\/09\\\/20\\\/how-to-secure-api-keys-with-python\\\/#primaryimage\"},\"thumbnailUrl\":\"\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/how-to-secure-api-keys-with-python-for-apps-and-infrastructure.png\",\"articleSection\":[\"Blog\",\"Python\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.cloudproinc.com.au\\\/index.php\\\/2025\\\/09\\\/20\\\/how-to-secure-api-keys-with-python\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.cloudproinc.com.au\\\/index.php\\\/2025\\\/09\\\/20\\\/how-to-secure-api-keys-with-python\\\/\",\"url\":\"https:\\\/\\\/www.cloudproinc.com.au\\\/index.php\\\/2025\\\/09\\\/20\\\/how-to-secure-api-keys-with-python\\\/\",\"name\":\"How to Secure API Keys with Python - CPI Consulting\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/cloudproinc.com.au\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.cloudproinc.com.au\\\/index.php\\\/2025\\\/09\\\/20\\\/how-to-secure-api-keys-with-python\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.cloudproinc.com.au\\\/index.php\\\/2025\\\/09\\\/20\\\/how-to-secure-api-keys-with-python\\\/#primaryimage\"},\"thumbnailUrl\":\"\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/how-to-secure-api-keys-with-python-for-apps-and-infrastructure.png\",\"datePublished\":\"2025-09-20T07:08:32+00:00\",\"dateModified\":\"2025-09-20T07:08:33+00:00\",\"description\":\"Learn how to secure API keys with Python to protect your applications from unauthorized access and maintain confidentiality.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.cloudproinc.com.au\\\/index.php\\\/2025\\\/09\\\/20\\\/how-to-secure-api-keys-with-python\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.cloudproinc.com.au\\\/index.php\\\/2025\\\/09\\\/20\\\/how-to-secure-api-keys-with-python\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.cloudproinc.com.au\\\/index.php\\\/2025\\\/09\\\/20\\\/how-to-secure-api-keys-with-python\\\/#primaryimage\",\"url\":\"\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/how-to-secure-api-keys-with-python-for-apps-and-infrastructure.png\",\"contentUrl\":\"\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/how-to-secure-api-keys-with-python-for-apps-and-infrastructure.png\",\"width\":1536,\"height\":1024},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.cloudproinc.com.au\\\/index.php\\\/2025\\\/09\\\/20\\\/how-to-secure-api-keys-with-python\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.cloudproinc.com.au\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Secure API Keys with Python\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/cloudproinc.com.au\\\/#website\",\"url\":\"https:\\\/\\\/cloudproinc.com.au\\\/\",\"name\":\"Cloud Pro Inc - CPI Consulting Pty Ltd\",\"description\":\"Cloud, AI &amp; Cybersecurity Consulting | Melbourne\",\"publisher\":{\"@id\":\"https:\\\/\\\/cloudproinc.com.au\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/cloudproinc.com.au\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/cloudproinc.com.au\\\/#organization\",\"name\":\"Cloud Pro Inc - Cloud Pro Inc - CPI Consulting Pty Ltd\",\"url\":\"https:\\\/\\\/cloudproinc.com.au\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/cloudproinc.com.au\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/favfinalfile.png\",\"contentUrl\":\"\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/favfinalfile.png\",\"width\":500,\"height\":500,\"caption\":\"Cloud Pro Inc - Cloud Pro Inc - CPI Consulting Pty Ltd\"},\"image\":{\"@id\":\"https:\\\/\\\/cloudproinc.com.au\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/cloudproinc.com.au\\\/#\\\/schema\\\/person\\\/192eeeb0ce91062126ce3822ae88fe6e\",\"name\":\"CPI Staff\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2d96eeb53b791d92c8c50dd667e3beec92c93253bb6ff21c02cfa8ca73665c70?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2d96eeb53b791d92c8c50dd667e3beec92c93253bb6ff21c02cfa8ca73665c70?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2d96eeb53b791d92c8c50dd667e3beec92c93253bb6ff21c02cfa8ca73665c70?s=96&d=mm&r=g\",\"caption\":\"CPI Staff\"},\"sameAs\":[\"http:\\\/\\\/www.cloudproinc.com.au\"],\"url\":\"https:\\\/\\\/cloudproinc.com.au\\\/index.php\\\/author\\\/cpiadmin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"How to Secure API Keys with Python - CPI Consulting","description":"Learn how to secure API keys with Python to protect your applications from unauthorized access and maintain confidentiality.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cloudproinc.com.au\/index.php\/2025\/09\/20\/how-to-secure-api-keys-with-python\/","og_locale":"en_US","og_type":"article","og_title":"How to Secure API Keys with Python","og_description":"Learn how to secure API keys with Python to protect your applications from unauthorized access and maintain confidentiality.","og_url":"https:\/\/www.cloudproinc.com.au\/index.php\/2025\/09\/20\/how-to-secure-api-keys-with-python\/","og_site_name":"CPI Consulting","article_published_time":"2025-09-20T07:08:32+00:00","article_modified_time":"2025-09-20T07:08:33+00:00","og_image":[{"width":1536,"height":1024,"url":"https:\/\/cloudproinc.com.au\/wp-content\/uploads\/2025\/09\/how-to-secure-api-keys-with-python-for-apps-and-infrastructure.png","type":"image\/png"}],"author":"CPI Staff","twitter_card":"summary_large_image","twitter_misc":{"Written by":"CPI Staff","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.cloudproinc.com.au\/index.php\/2025\/09\/20\/how-to-secure-api-keys-with-python\/#article","isPartOf":{"@id":"https:\/\/www.cloudproinc.com.au\/index.php\/2025\/09\/20\/how-to-secure-api-keys-with-python\/"},"author":{"name":"CPI Staff","@id":"https:\/\/cloudproinc.com.au\/#\/schema\/person\/192eeeb0ce91062126ce3822ae88fe6e"},"headline":"How to Secure API Keys with Python","datePublished":"2025-09-20T07:08:32+00:00","dateModified":"2025-09-20T07:08:33+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cloudproinc.com.au\/index.php\/2025\/09\/20\/how-to-secure-api-keys-with-python\/"},"wordCount":738,"commentCount":0,"publisher":{"@id":"https:\/\/cloudproinc.com.au\/#organization"},"image":{"@id":"https:\/\/www.cloudproinc.com.au\/index.php\/2025\/09\/20\/how-to-secure-api-keys-with-python\/#primaryimage"},"thumbnailUrl":"\/wp-content\/uploads\/2025\/09\/how-to-secure-api-keys-with-python-for-apps-and-infrastructure.png","articleSection":["Blog","Python"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.cloudproinc.com.au\/index.php\/2025\/09\/20\/how-to-secure-api-keys-with-python\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.cloudproinc.com.au\/index.php\/2025\/09\/20\/how-to-secure-api-keys-with-python\/","url":"https:\/\/www.cloudproinc.com.au\/index.php\/2025\/09\/20\/how-to-secure-api-keys-with-python\/","name":"How to Secure API Keys with Python - CPI Consulting","isPartOf":{"@id":"https:\/\/cloudproinc.com.au\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.cloudproinc.com.au\/index.php\/2025\/09\/20\/how-to-secure-api-keys-with-python\/#primaryimage"},"image":{"@id":"https:\/\/www.cloudproinc.com.au\/index.php\/2025\/09\/20\/how-to-secure-api-keys-with-python\/#primaryimage"},"thumbnailUrl":"\/wp-content\/uploads\/2025\/09\/how-to-secure-api-keys-with-python-for-apps-and-infrastructure.png","datePublished":"2025-09-20T07:08:32+00:00","dateModified":"2025-09-20T07:08:33+00:00","description":"Learn how to secure API keys with Python to protect your applications from unauthorized access and maintain confidentiality.","breadcrumb":{"@id":"https:\/\/www.cloudproinc.com.au\/index.php\/2025\/09\/20\/how-to-secure-api-keys-with-python\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cloudproinc.com.au\/index.php\/2025\/09\/20\/how-to-secure-api-keys-with-python\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cloudproinc.com.au\/index.php\/2025\/09\/20\/how-to-secure-api-keys-with-python\/#primaryimage","url":"\/wp-content\/uploads\/2025\/09\/how-to-secure-api-keys-with-python-for-apps-and-infrastructure.png","contentUrl":"\/wp-content\/uploads\/2025\/09\/how-to-secure-api-keys-with-python-for-apps-and-infrastructure.png","width":1536,"height":1024},{"@type":"BreadcrumbList","@id":"https:\/\/www.cloudproinc.com.au\/index.php\/2025\/09\/20\/how-to-secure-api-keys-with-python\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cloudproinc.com.au\/"},{"@type":"ListItem","position":2,"name":"How to Secure API Keys with Python"}]},{"@type":"WebSite","@id":"https:\/\/cloudproinc.com.au\/#website","url":"https:\/\/cloudproinc.com.au\/","name":"Cloud Pro Inc - CPI Consulting Pty Ltd","description":"Cloud, AI &amp; Cybersecurity Consulting | Melbourne","publisher":{"@id":"https:\/\/cloudproinc.com.au\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cloudproinc.com.au\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/cloudproinc.com.au\/#organization","name":"Cloud Pro Inc - Cloud Pro Inc - CPI Consulting Pty Ltd","url":"https:\/\/cloudproinc.com.au\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cloudproinc.com.au\/#\/schema\/logo\/image\/","url":"\/wp-content\/uploads\/2022\/01\/favfinalfile.png","contentUrl":"\/wp-content\/uploads\/2022\/01\/favfinalfile.png","width":500,"height":500,"caption":"Cloud Pro Inc - Cloud Pro Inc - CPI Consulting Pty Ltd"},"image":{"@id":"https:\/\/cloudproinc.com.au\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/cloudproinc.com.au\/#\/schema\/person\/192eeeb0ce91062126ce3822ae88fe6e","name":"CPI Staff","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/2d96eeb53b791d92c8c50dd667e3beec92c93253bb6ff21c02cfa8ca73665c70?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/2d96eeb53b791d92c8c50dd667e3beec92c93253bb6ff21c02cfa8ca73665c70?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2d96eeb53b791d92c8c50dd667e3beec92c93253bb6ff21c02cfa8ca73665c70?s=96&d=mm&r=g","caption":"CPI Staff"},"sameAs":["http:\/\/www.cloudproinc.com.au"],"url":"https:\/\/cloudproinc.com.au\/index.php\/author\/cpiadmin\/"}]}},"jetpack_featured_media_url":"\/wp-content\/uploads\/2025\/09\/how-to-secure-api-keys-with-python-for-apps-and-infrastructure.png","jetpack-related-posts":[{"id":53918,"url":"https:\/\/cloudproinc.com.au\/index.php\/2025\/09\/22\/securing-streamlit-environment-vars-with-toml\/","url_meta":{"origin":53906,"position":0},"title":"Securing Streamlit Environment Vars with TOML","author":"CPI Staff","date":"September 22, 2025","format":false,"excerpt":"Protect API keys and credentials in Streamlit using TOML-based secrets, safe local and cloud workflows, and CI\/CD patterns for repeatable, secure deployments.","rel":"","context":"In &quot;Blog&quot;","block_context":{"text":"Blog","link":"https:\/\/cloudproinc.com.au\/index.php\/category\/blog\/"},"img":{"alt_text":"","src":"\/wp-content\/uploads\/2025\/09\/a-practical-guide-to-securing-streamlit-environment-vars-with-toml.png","width":350,"height":200,"srcset":"\/wp-content\/uploads\/2025\/09\/a-practical-guide-to-securing-streamlit-environment-vars-with-toml.png 1x, \/wp-content\/uploads\/2025\/09\/a-practical-guide-to-securing-streamlit-environment-vars-with-toml.png 1.5x, \/wp-content\/uploads\/2025\/09\/a-practical-guide-to-securing-streamlit-environment-vars-with-toml.png 2x, \/wp-content\/uploads\/2025\/09\/a-practical-guide-to-securing-streamlit-environment-vars-with-toml.png 3x, \/wp-content\/uploads\/2025\/09\/a-practical-guide-to-securing-streamlit-environment-vars-with-toml.png 4x"},"classes":[]},{"id":53555,"url":"https:\/\/cloudproinc.com.au\/index.php\/2025\/07\/29\/counting-tokens-using-the-openai-python-sdk\/","url_meta":{"origin":53906,"position":1},"title":"Counting Tokens Using the OpenAI Python SDK","author":"CPI Staff","date":"July 29, 2025","format":false,"excerpt":"This post provides a comprehensive guide on counting tokens using the OpenAI Python SDK, covering Python virtual environments, managing your OpenAI API key securely, and the role of the requirements.txt file. In the world of Large Language Models (LLMs) and Artificial Intelligence (AI), the term \"token\" frequently arises. Tokens are\u2026","rel":"","context":"In &quot;AI&quot;","block_context":{"text":"AI","link":"https:\/\/cloudproinc.com.au\/index.php\/category\/ai\/"},"img":{"alt_text":"","src":"\/wp-content\/uploads\/2025\/07\/image-23.png","width":350,"height":200,"srcset":"\/wp-content\/uploads\/2025\/07\/image-23.png 1x, \/wp-content\/uploads\/2025\/07\/image-23.png 1.5x, \/wp-content\/uploads\/2025\/07\/image-23.png 2x"},"classes":[]},{"id":56780,"url":"https:\/\/cloudproinc.com.au\/index.php\/2025\/11\/10\/security-best-practices-for-azure-ai-services\/","url_meta":{"origin":53906,"position":2},"title":"Security Best Practices for Azure AI Services","author":"CPI Staff","date":"November 10, 2025","format":false,"excerpt":"Practical, step-by-step guidance to secure Azure AI services end to end\u2014identity, networks, data, prompts, and monitoring\u2014so your teams can innovate confidently without exposing your organisation.","rel":"","context":"In &quot;Azure AI Services&quot;","block_context":{"text":"Azure AI Services","link":"https:\/\/cloudproinc.com.au\/index.php\/category\/azure-ai-services\/"},"img":{"alt_text":"","src":"\/wp-content\/uploads\/2025\/11\/security-best-practices-for-azure-ai-services-in-practice.png","width":350,"height":200,"srcset":"\/wp-content\/uploads\/2025\/11\/security-best-practices-for-azure-ai-services-in-practice.png 1x, \/wp-content\/uploads\/2025\/11\/security-best-practices-for-azure-ai-services-in-practice.png 1.5x, \/wp-content\/uploads\/2025\/11\/security-best-practices-for-azure-ai-services-in-practice.png 2x, \/wp-content\/uploads\/2025\/11\/security-best-practices-for-azure-ai-services-in-practice.png 3x, \/wp-content\/uploads\/2025\/11\/security-best-practices-for-azure-ai-services-in-practice.png 4x"},"classes":[]},{"id":56951,"url":"https:\/\/cloudproinc.com.au\/index.php\/2026\/02\/04\/how-python-info-stealers-are-targeting-macos-endpoints\/","url_meta":{"origin":53906,"position":3},"title":"How Python Info-Stealers Are Targeting macOS Endpoints","author":"CPI Staff","date":"February 4, 2026","format":false,"excerpt":"Python-based info-stealers are increasingly hitting macOS via fake installers, copy-paste \u201cfixes,\u201d and stealthy packaging. Learn how they work, what they steal, and how to harden Macs in business environments.","rel":"","context":"In &quot;Blog&quot;","block_context":{"text":"Blog","link":"https:\/\/cloudproinc.com.au\/index.php\/category\/blog\/"},"img":{"alt_text":"","src":"\/wp-content\/uploads\/2026\/02\/post-6.png","width":350,"height":200,"srcset":"\/wp-content\/uploads\/2026\/02\/post-6.png 1x, \/wp-content\/uploads\/2026\/02\/post-6.png 1.5x, \/wp-content\/uploads\/2026\/02\/post-6.png 2x, \/wp-content\/uploads\/2026\/02\/post-6.png 3x, \/wp-content\/uploads\/2026\/02\/post-6.png 4x"},"classes":[]},{"id":53910,"url":"https:\/\/cloudproinc.com.au\/index.php\/2025\/09\/21\/build-a-chat-bot-with-streamlit\/","url_meta":{"origin":53906,"position":4},"title":"Build a Chat Bot with Streamlit","author":"CPI Staff","date":"September 21, 2025","format":false,"excerpt":"A practical, friendly guide to designing, building, and shipping a Streamlit chat bot with modern LLMs, retrieval, and secure deployment for teams.","rel":"","context":"In &quot;AI&quot;","block_context":{"text":"AI","link":"https:\/\/cloudproinc.com.au\/index.php\/category\/ai\/"},"img":{"alt_text":"","src":"\/wp-content\/uploads\/2025\/09\/build-a-chat-bot-with-streamlit-an-end-to-end-guide-for-teams.png","width":350,"height":200,"srcset":"\/wp-content\/uploads\/2025\/09\/build-a-chat-bot-with-streamlit-an-end-to-end-guide-for-teams.png 1x, \/wp-content\/uploads\/2025\/09\/build-a-chat-bot-with-streamlit-an-end-to-end-guide-for-teams.png 1.5x, \/wp-content\/uploads\/2025\/09\/build-a-chat-bot-with-streamlit-an-end-to-end-guide-for-teams.png 2x, \/wp-content\/uploads\/2025\/09\/build-a-chat-bot-with-streamlit-an-end-to-end-guide-for-teams.png 3x, \/wp-content\/uploads\/2025\/09\/build-a-chat-bot-with-streamlit-an-end-to-end-guide-for-teams.png 4x"},"classes":[]},{"id":53614,"url":"https:\/\/cloudproinc.com.au\/index.php\/2025\/08\/14\/turn-wordpress-posts-into-voice-blogs-with-python-openai-tts\/","url_meta":{"origin":53906,"position":5},"title":"Turn WordPress Posts into \u201cVoice Blogs\u201d with Python + OpenAI TTS","author":"CPI Staff","date":"August 14, 2025","format":false,"excerpt":"This blog post, \"Turn WordPress Posts into \u201cVoice Blogs\u201d with Python + OpenAI TTS\" will show you how to pull posts from a WordPress site via the REST API, converts the article content to speech using OpenAI\u2019s Text-to-Speech (TTS), saves an MP3, and (optionally) uploads the file back to your\u2026","rel":"","context":"In &quot;AI&quot;","block_context":{"text":"AI","link":"https:\/\/cloudproinc.com.au\/index.php\/category\/ai\/"},"img":{"alt_text":"","src":"\/wp-content\/uploads\/2025\/08\/turn-wordpress-posts-into-voice-blogs-with-python-openai-tts-1.png","width":350,"height":200,"srcset":"\/wp-content\/uploads\/2025\/08\/turn-wordpress-posts-into-voice-blogs-with-python-openai-tts-1.png 1x, \/wp-content\/uploads\/2025\/08\/turn-wordpress-posts-into-voice-blogs-with-python-openai-tts-1.png 1.5x, \/wp-content\/uploads\/2025\/08\/turn-wordpress-posts-into-voice-blogs-with-python-openai-tts-1.png 2x, \/wp-content\/uploads\/2025\/08\/turn-wordpress-posts-into-voice-blogs-with-python-openai-tts-1.png 3x, \/wp-content\/uploads\/2025\/08\/turn-wordpress-posts-into-voice-blogs-with-python-openai-tts-1.png 4x"},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cloudproinc.com.au\/index.php\/wp-json\/wp\/v2\/posts\/53906","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudproinc.com.au\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudproinc.com.au\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudproinc.com.au\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudproinc.com.au\/index.php\/wp-json\/wp\/v2\/comments?post=53906"}],"version-history":[{"count":2,"href":"https:\/\/cloudproinc.com.au\/index.php\/wp-json\/wp\/v2\/posts\/53906\/revisions"}],"predecessor-version":[{"id":53909,"href":"https:\/\/cloudproinc.com.au\/index.php\/wp-json\/wp\/v2\/posts\/53906\/revisions\/53909"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudproinc.com.au\/index.php\/wp-json\/wp\/v2\/media\/53907"}],"wp:attachment":[{"href":"https:\/\/cloudproinc.com.au\/index.php\/wp-json\/wp\/v2\/media?parent=53906"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudproinc.com.au\/index.php\/wp-json\/wp\/v2\/categories?post=53906"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudproinc.com.au\/index.php\/wp-json\/wp\/v2\/tags?post=53906"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}