Secret variables (env variables) not working for other users

tremscol · February 7, 2023, 5:33pm

Hey guys, I created a replit that uses Secret variables (env variables). Of course when I run the code it works for me, but if I share that link with someone else, they are getting errors that the variable does not exist. Why is that?

I saved a googlesheet url and my authentication token in my Secrets. I then call those variables in my code with:

url = os.getenv("url")
token = os.getenv("Bearer Token")

Headers = {
"Authorization":token
}

for some reason when another person is trying to run my replit, none of those variables are being passed to the requests function, 

text = requests.get(url=url, headers=Headers)

so the code is erroring out and nothing is being returned.
I am confused, as I thought the variables should work, it is just that they would not be visible for the other person.
Please advise

Repl link:

bigminiboss · February 7, 2023, 5:37pm

Basically replit forks the repl each time a non owner runs it and it will delete all env vars so that, for example, you cannot access an openAI or discord token by just running it, you’ll have to make these just vars, because if they could be accessed in code, you best believe that some guy is gonna try to hack it (and in this it’s easy just press ctrl+c and then import os and check env vars)

tremscol · February 7, 2023, 5:39pm

Thanks @bigminiboss .
I guess my understanding of these variables was wrong then. LOL.
I thought I could keep them safe while allowing other people to run my code. Sucks, that it doesnt work the way I was hoping/intending to.
Regards

bigminiboss · February 7, 2023, 5:51pm

yeah it’s really fine it’s just like that on REPLIT and people were quite against the update when it came out, I was for sure, so you’re not alone as this type of thing would probably work … anywhere else

tremscol · February 7, 2023, 5:56pm

IS there another solution out there (that you know of) that would allow me to do this? Send a link to my code to other people to run the script, while masking the env variables yet still have access to them so they can run the code?
Thanks @bigminiboss

bigminiboss · February 7, 2023, 5:59pm

not to my knowledge sadly, the best you can do I WOULD HAVE SAID is make a server that you can send a req with repl identity but even that’s broken so it’s sad to say but replit has basically broken every way to easily hide things

MiloCat · February 8, 2023, 4:26am

doesn’t that still return an error as you do not have access to env vars?

bigminiboss · February 8, 2023, 4:26am

That is true, I’m merely detailing what could happen if replit didn’t delete the env vars

MiloCat · February 8, 2023, 4:32am

yes, when you do:
import os; print(os.environ.keys()) after pressing ctrl+c it lists all the details of your personal run “fork”… which is kinda cool

system · February 15, 2023, 4:32am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.