Reputation: 8225
Proper place to access/store Heroku API Key for script
Let's say I have some code running on a Heroku dyno (such as this autoscaling script), that needs access to the Platform API. To access the API, I have to authenticate using my app's API Key.
What's the right way to do this?
- That script I referenced hardcoded the API Key in the script itself.
- A better practice generally seems to put secrets in environment variables, which is what Heroku normally recommends. However, they say they say:
Setting the HEROKU_API_KEY environment variable on your machine will interfere with normal functioning of auth commands from Toolbelt.
Clearly I could store the API key with under a different key name.
What's the right way? I couldn't find this in the documentation, but seems like a common issue.
Upvotes: 1
Views: 561
Answers (1)
Reputation: 32627
Yes, storing this token into a config var is the right way to go.
As for HEROKU_API_KEY, this will happen because locally, the toolbelt will look for the environment variable as one solution to try to fetch your token.
This won't impact your production environment (the heroku toolbelt isn't available within dynos).
Locally, you can also set it easily with a tool like python-dotenv, which will allow you to have a local .env file (don't check it into source control, or your token could be corrupted), with all of it's values available as env vars in your dev app.
Upvotes: 2
Related Questions
- Proper indentation for multiline strings?
- Cannot Access Azure Key Vault from Python script via 'os.environ["VAULT_URL]" - Key Error: "VAULT_URL"
- How to access the index value in a 'for' loop?
- How do I wait for a pressed key?
- Bitbucket pipelines configuration file error
- Authentication performed via Python script using an API access key
- Heroku / Node / React - how to access my node api endpoints on heroku
- Heroku / Elixir Phoenix Framework - host key verification failing for private Gitlab repos
- Architecturing API keys and access tokens