How to add environment variables into replit in python

but is there a way to keep them secret so people cant get value by looking at code.

You could encrypt them I suppose, but otherwise if you want cover page to access them, you would have to include them in .replit. (I don’t remember another way to do this right now, anyone else feel free to jump in)

Oh gosh this is a big mess
:person_facepalming:

Ok so, I think I know what you are trying to do, but let me check just in case. You wanted to have a HIDDEN environment variable that you can use to check the password, right? You don’t want people to see it, but when they run the program it should be able to use the value without people seeing it.

Am I right or no?

3 Likes

yes, I want to set a hidden environment variable.

1 Like

Ok, so assuming I was correct, then you can, in fact, use the built in secrets. You have to go to the toolbar and select the secrets tab. Then you input the name of you environment variable and the value and click Add new secret
NOW in your code you do what I said before like this.

import os

secret_value = os.getenv("secretname")

This DOES let you access it when someone runs it, but no one can see it except owners or collaborators on the repl.

If others users can see your code, they can simply comment out the password checks, so they’re useless.

That won’t let it access it, they aren’t running a webserver

1 Like

No it works, see this example I just made: https://replit.com/@SharkCoding/fox-bank-secure-login?v=1

Hey, it looks like you are looking for replidentity, the way to share secrets without them being open.

Learn more: Replit - Making Repl Identity More Accessible

1 Like

the project prints None in the console.

1 Like

Repl Identity has known vulnerabilities, so it shouldn’t be used.

3 Likes

Oh… welp I’m completely wrong then… :person_facepalming:
I guess it still showed for me because replit knows it’s my account.

1 Like

Running your own repl from the cover page is effectively the same as running it from the editor.

2 Likes

Yeah, if you log out or try it in an incognito window, replit will treat it the same way it will for others running your repl.

but the problem is when other people run this replit the system can aces environment variables.

Log out, run your repl, and tell us what happens.

1 Like

What? Not if they’re set in secrets they can’t. As I said earlier, the only way I can think of to work around this would be to encode them, then define them in .replit. They could still decode them, but it would take more effort.

1 Like

but how do I set secrets in .replit

Add a new item to the [env] list in the .replit file.

🎆

It’s a python repl, the [env] part should already be there.

1 Like