How Can I Edit The Values of Secrets Directly in my Code?

I’d like to have the ability to edit the contents of a secret (accessible via the secrets pane) in my code. I know that traditionally, .env files are used for storing secret values. Does Replit do this, just make it inaccessible to edit by the user? If so, is there a way to edit it from the code? If not, how do they store it?

I’d try to use os.environ["MYSECRET"] = "some value", but that does nothing, even though printing os.environ["MYSECRET"] gets the value.

1 Like

Why would you edit it with code?

If you set it through code, then it’s not secret anymore.

I was wondering the same thing before, but like why would you even want to edit it? It just doesn’t make sense.

I’d like to take in input from the user and then change a certain secret to the value the user inputted. That’s why I want to edit it via the code. Is there an alternative to this that I can use? I’m using Flask to get input from the user, if that helps.

But why even use Secrets then? That’s not what they’re made for.

Yes. You can use, like, replit.web, e.g.:

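```python
from flask import Flask, redirect, request, url_for
from replit import web

app = Flask(__name__)
users = web.UserStore()


# Landing page that change_value() redirects to
@app.route("/")
def index():
    return "Home"


# Flask route rules must start with a leading slash
@app.route("/change-value", methods=["POST"])
@web.authenticated
def change_value():
    # Store the submitted value under the currently signed-in user
    users.current["value"] = request.form["value"]
    return redirect(url_for("index"))


if __name__ == "__main__":
    app.run("0.0.0.0")
```

2 Likes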

@QwertyQwerty88 Because I want that value to be possible to access later, but be safe and not available to everyone. What should I use? I can’t use Replit Auth because I’m not logging in with Replit — that’s what replit web is for, right?

Yes, Replit web was just an example. I’m not totally sure but Replit DB might be insecure. You could try saving to an external DB.

You could try encrypting the values, using a single secret key. But then this puts all of the security responsibility on a single Secrets value. No database is 100% secure though.
In some cases, you don’t need the exact value and a one-way function can provide an output that is still usable but almost worthless to get a hold of (e.g. password hashes).

4 Likes
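An added example (not code from any poster in this thread) of the one-way approach described in the reply above: the user-supplied value is stored only as a salted scrypt hash, keyed with a single secret read from the environment. The variable name `PEPPER_KEY`, the SQLite table and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

# Assumption: the key lives in a platform-managed secret exposed as the
# environment variable PEPPER_KEY; the fallback exists only so this demo runs.
PEPPER = os.environ.get("PEPPER_KEY", "constructed-demo-pepper").encode()


def open_store(path=":memory:"):
    """Create the table holding one salted hash per user (hypothetical schema)."""
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS user_values "
        "(username TEXT PRIMARY KEY, salt BLOB NOT NULL, digest BLOB NOT NULL)"
    )
    return db


def _digest(value, salt):
    # HMAC with the secret key first, so a copied database cannot be guessed
    # against without that key; scrypt then makes every guess expensive.
    keyed = hmac.new(PEPPER, value.encode(), hashlib.sha256).digest()
    return hashlib.scrypt(keyed, salt=salt, n=2**14, r=8, p=1, dklen=32)


def set_value(db, username, value):
    """Store only salt + digest; the plaintext never reaches the database."""
    salt = os.urandom(16)  # fresh salt on every write
    db.execute(
        "INSERT OR REPLACE INTO user_values VALUES (?, ?, ?)",
        (username, salt, _digest(value, salt)),
    )
    db.commit()


def check_value(db, username, candidate):
    """Return True if candidate matches what the user stored earlier."""
    row = db.execute(
        "SELECT salt, digest FROM user_values WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Constant-time comparison avoids leaking how many bytes matched
    return hmac.compare_digest(stored, _digest(candidate, salt))
```

The secret itself is only ever read by the code, never written, which fits how environment-backed secrets behave; everything that changes at runtime goes to the database.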

This is likely because changes to os.environ are not persisted and reflected in Replit’s Secrets; such design serves as a security measure on many platforms. If you want to add or modify a secret for use in your code, you must utilize the mechanisms provided by Replit, not create your own. Replit sets environment variables at the start of the process, and these take precedence over any changes you attempt to make within the process.

2 Likes

I think I’ll do that, great idea!
