but is there a way to keep them secret so people cant get value by looking at code.
You could encrypt them I suppose, but otherwise if you want cover page to access them, you would have to include them in .replit
. (I donât remember another way to do this right now, anyone else feel free to jump in)
Oh gosh this is a big mess
Ok so, I think I know what you are trying to do, but let me check just in case. You wanted to have a HIDDEN environment variable that you can use to check the password, right? You donât want people to see it, but when they run the program it should be able to use the value without people seeing it.
Am I right or no?
yes, I want to set a hidden environment variable.
Ok, so assuming I was correct, then you can, in fact, use the built in secrets. You have to go to the toolbar and select the secrets tab. Then you input the name of you environment variable and the value and click Add new secret
NOW in your code you do what I said before like this.
import os
secret_value = os.getenv("secretname")
This DOES let you access it when someone runs it, but no one can see it except owners or collaborators on the repl.
If others users can see your code, they can simply comment out the password checks, so theyâre useless.
That wonât let it access it, they arenât running a webserver
No it works, see this example I just made: https://replit.com/@SharkCoding/fox-bank-secure-login?v=1
Hey, it looks like you are looking for replidentity, the way to share secrets without them being open.
Learn more: Replit - Making Repl Identity More Accessible
the project prints None in the console.
Repl Identity has known vulnerabilities, so it shouldnât be used.
Oh⌠welp Iâm completely wrong thenâŚ
I guess it still showed for me because replit knows itâs my account.
Running your own repl from the cover page is effectively the same as running it from the editor.
Yeah, if you log out or try it in an incognito window, replit will treat it the same way it will for others running your repl.
but the problem is when other people run this replit the system can aces environment variables.
Log out, run your repl, and tell us what happens.
What? Not if theyâre set in secrets they canât. As I said earlier, the only way I can think of to work around this would be to encode them, then define them in .replit
. They could still decode them, but it would take more effort.
but how do I set secrets in .replit
Add a new item to the [env]
list in the .replit
file.
đ
Itâs a python repl, the [env]
part should already be there.