Skip to content

Feat: Integrate python-dotenv for Secure API Credential Management #304

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pwildenhain merged 3 commits into from
Oct 8, 2025
Merged

Feat: Integrate python-dotenv for Secure API Credential Management #304

pwildenhain merged 3 commits into from
Oct 8, 2025

Conversation

@turkalpmd
Copy link
Contributor

@turkalpmd turkalpmd commented May 29, 2025

This pull request enhances PyCap by integrating python-dotenv for more secure and flexible management of REDCap API credentials.

Changes:

  • Added python-dotenv Dependency: The python-dotenv library is now a dependency, as specified in pyproject.toml. This allows users to load environment variables from a .env file.
  • Updated Documentation for .env Usage:
    • docs/quickstart.md: Updated the initial setup instructions to guide users on creating a .env file for REDCAP_API_URL and REDCAP_API_KEY, and how to load them using python-dotenv.
    • docs/index.md: The installation section now includes guidance on setting up a .env file for credential management.

Benefits:

  • Enhanced Security: Helps users avoid hardcoding sensitive API keys and URLs directly into their scripts, reducing the risk of accidental exposure.
  • Improved Configuration: Simplifies managing different configurations (e.g., for development, staging, production environments) by using distinct .env files.
  • Adherence to Best Practices: Promotes a standard and secure method for handling application secrets.

pwildenhain
pwildenhain requested changes Oct 8, 2025
View reviewed changes
Copy link
Collaborator

@pwildenhain pwildenhain left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍🏻 to using .env for credential management. I think it's a great call out since most REDCap users don't typically have a programming background and might not know about safe credential management.

Thanks also for updating the documentation to showcase how to use this

My only request is remove python-dotenv as a direct dependency. I think it's good advice for them to install and use it alongside PyCap but it's not integral to how the package itself works

@turkalpmd turkalpmd requested a review from pwildenhain October 8, 2025 18:06
@turkalpmd
Copy link
Contributor Author

turkalpmd commented Oct 8, 2025

Thanks for the feedback! I removed python-dotenv from the core dependencies and reverted the lockfile changes. The docs now just recommend installing it alongside PyCap, and I added a quickstart snippet plus a .env.example template so users can copy/paste their credentials. Let me know if anything else would help.

@turkalpmd turkalpmd requested a review from pwildenhain October 8, 2025 19:53
@turkalpmd
Copy link
Contributor Author

turkalpmd commented Oct 8, 2025

Fix lint setup and ensure tests run clean

@pwildenhain
Copy link
Collaborator

pwildenhain commented Oct 8, 2025

Don't worry about the CI failures, I think it has something to do with how my integration tests are setup. Thanks for you work!

@pwildenhain pwildenhain merged commit ced3685 into redcap-tools:master Oct 8, 2025
0 of 9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pwildenhain pwildenhain Awaiting requested review from pwildenhain

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@turkalpmd @pwildenhain