Security
Hardcoded Secrets in Python: Why It's Dangerous
Committing API keys or passwords in source code is one of the most common security mistakes. Even private repos are at risk: once a secret is in git history it stays there, and secret-scanning bots pick it up the moment the code is exposed.
❌ Dangerous Code
```python
import stripe

# Live secret and database credentials committed straight into source
stripe.api_key = 'sk_live_4eC39HqLyjWDarjtT1zdp7dc'
DATABASE_URL = 'postgresql://admin:secret@db.myapp.com/prod'
```
✅ Secure Fix
```python
import os
import stripe

# Secrets come from the environment; nothing sensitive lives in the repo
stripe.api_key = os.environ['STRIPE_SECRET_KEY']
DATABASE_URL = os.environ['DATABASE_URL']
```
💡 Pro tip: Use environment variables for all secrets. Add .env to .gitignore and use python-dotenv for local development.
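To make the secure fix and the pro tip concrete, here is an added example (not code from the page or from any project it mentions) that does two things: it loads secrets from the environment, falling back to a `.env` file for local development, and it fails fast when a required secret is missing; and it runs a small pre-commit style check over source text to flag the two kinds of leak in the dangerous snippet above. The `load_dotenv_text` parser is a deliberately tiny stand-in for python-dotenv's `load_dotenv()` so the example runs offline, and the regex patterns, the `require_secret`/`redact` helpers and the `.env` values are illustrative assumptions, not a complete secret-scanning ruleset.

```python
"""Added example: secrets from the environment, plus a pre-commit style check
for the hardcoded patterns shown above. Stand-alone; not the page's own code."""
import os
import re
from typing import Dict, List, Optional, Tuple


class MissingSecret(RuntimeError):
    """Raised when a required secret is absent, so the app fails fast at start-up."""


def load_dotenv_text(text: str, env: Dict[str, str]) -> Dict[str, str]:
    """Tiny stand-in for python-dotenv's load_dotenv(): parse KEY=VALUE lines
    from .env content into `env` without overriding values already present
    (the real environment should always win over a local .env file)."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env.setdefault(key.strip(), value.strip().strip("'\""))
    return env


def require_secret(name: str, env: Optional[Dict[str, str]] = None) -> str:
    """Read a secret by name from os.environ (or a supplied mapping).
    An empty or missing value is an error, never a silent default."""
    source = os.environ if env is None else env
    value = source.get(name, "")
    if not value:
        raise MissingSecret(f"{name} is not set; refusing to start")
    return value


def redact(secret: str) -> str:
    """Form that is safe to log: keep only a short prefix so the key type is visible."""
    return secret[:8] + "..." if len(secret) > 12 else "***"


# Illustrative patterns for the two leaks in the page's dangerous snippet, plus a
# generic password assignment. A real hook would use a fuller ruleset (e.g. the
# ones shipped with gitleaks or detect-secrets); these are assumptions.
SECRET_PATTERNS = [
    ("stripe live key", re.compile(r"sk_live_[0-9A-Za-z]{16,}")),
    ("credentials in URL", re.compile(r"[a-z][a-z0-9+.\-]*://[^/\s:@]+:[^@\s]+@")),
    ("password literal", re.compile(r"(?i)\b(password|passwd|secret)\s*=\s*['\"][^'\"]{4,}['\"]")),
]


def find_hardcoded_secrets(source: str) -> List[Tuple[int, str]]:
    """Return (line number, label) for every line that looks like a committed
    secret. Intended to run over the files staged for a commit."""
    findings: List[Tuple[int, str]] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for label, pattern in SECRET_PATTERNS:
            if pattern.search(line):
                findings.append((lineno, label))
    return findings


# Constructed inputs: the page's dangerous snippet and its secure fix.
DANGEROUS = """import stripe
stripe.api_key = 'sk_live_4eC39HqLyjWDarjtT1zdp7dc'
DATABASE_URL = 'postgresql://admin:secret@db.myapp.com/prod'
"""
SECURE = """import os
import stripe
stripe.api_key = os.environ['STRIPE_SECRET_KEY']
DATABASE_URL = os.environ['DATABASE_URL']
"""
# Constructed .env content for local development; every value is a placeholder.
DOTENV_EXAMPLE = """# local dev only - this file is listed in .gitignore
STRIPE_SECRET_KEY=sk_test_placeholder_not_a_real_key
DATABASE_URL='postgresql://app:devpassword@localhost/dev'
"""

if __name__ == "__main__":
    print("dangerous snippet:", find_hardcoded_secrets(DANGEROUS))
    print("secure snippet:   ", find_hardcoded_secrets(SECURE))
    env = load_dotenv_text(DOTENV_EXAMPLE, {})
    print("stripe key loaded:", redact(require_secret("STRIPE_SECRET_KEY", env)))
```

Two design points worth noting: `load_dotenv_text` uses `setdefault`, so a value exported in the real environment (as in CI or production) is never clobbered by a stale local `.env`; and `require_secret` raises at start-up rather than returning an empty string, which is the failure mode you want, because an app that silently runs with a blank API key tends to surface the problem much later and much further from the cause.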