Best way to handle user constants (e.g. API key)?

#1

When developing a package, what is the convention/best way to handle user constants? e.g. API key, user name, etc.

0 Likes

#2

An easy way is to just have constants const API_KEY = ... etc in your code. But if this is sensitive or user specific information that you don’t want checked in, you’ll have to remove/re-add these fields every time you check in, which is a hassle. A better solution then is to:

  • Put these fields in a config file, using a readable format with support for comments (not JSON!). For example YAML or XML.
  • Assuming that the fields are sensitive (API key), don’t check the file in. Add it to .gitignore.
  • If the config file is missing, as will be the case when people first install your package, make your script give very detailed error messages for what it expects. You can for example have a template.yml file that the user can copy and populate. Or make your script copy it, or ask for the information and populate the config file.
  • If you ever checked in sensitive information, and then removed it, think again
2 Likes

#3

An environment variable, which the user can set in startup.jl or outside Julia.

1 Like

#4

In a (non Julia package related repo) I used git-crypt [1] for sensitive config data. A bit of a quick and dirty distribution of login credentials among people who have (locally) the key.

Lacking the key the file content is garbled and can be removed again ‘without thinking’ from the repository. It’s certainly not a convention or a common practice for package user constants, but might come handy in certain circumstances.

[1] https://github.com/AGWA/git-crypt

0 Likes