Your Lair can reference environment variables on process execution. For additional security, you can add both an .env or .secrets file. Your .secrets file should be used for any sensitive data, such as private keys, as it is end-to-end encrypted.
# my-lair-a > .env
USER=barry
VERSION=1.0.3
# my-lair-a > .secrets (example only, data is end-to-end encrypted)
API_KEY=hfy92kadHgkk29fahjsu3j922v9sjwaucahfFirst, create an .env or .secrets file in your Lair by selecting the + icon in the search bar or manually initializing an empty file.
Open the .env or .secrets file from your Lair file system. Select “+ Add New Env/Secret” and enter a key and value for your environment variable.
{% hint style="danger" %} To maintain strict security practices, environment variables added to the .secrets file cannot be modified after creation. Additionally, creating new variables within your .secrets file will require a network connection to avoid local persistence of any unencrypted data. {% endhint %}
Environment variables are injected into your Lair’s environment during process execution, and can be accessed using standard os libraries.
### main.py
import os
# Get environment variable values
USER = os.getenv('USER')
KEY = os.environ.get('API_KEY')
# Getting non-existent keys
FOO = os.getenv('FOO') # None
BAR = os.environ.get('BAR') # None
BAZ = os.environ['BAZ'] # KeyError: key does not exist.Your .secrets file is end-to-end encrypted and we employ the leading data practices to keep your sensitive data secure. Please see Security for more details.