Currently, sensitive information (like the Google Gemini and OpenWeatherMap API keys) is hardcoded directly in app.py. This is a major security risk and must be fixed.
Why This Is Important:
- It prevents our secret API keys from being exposed in version control (GitHub).
- It reduces the risk of accidental leaks and unauthorized use of our keys.
- It allows for safe deployment and separation of development/production environments.
Tasks:
- Remove all hardcoded secrets from app.py.
- Modify the Python code to load these secrets from environment variables (using os.environ.get()).
- Create a .env.example file in the root directory that shows which variables are needed (but not their values).
- Update the .gitignore file to ensure the .env file is never tracked.
- Update the README.md (in the "Installation" section) to explain that users must now create their own .env file from the example.
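The pattern the tasks above describe, as an added example that is not the project's app.py: configuration is read with os.environ.get(), startup fails with a clear message when a key is missing, the .env.example content lists names only, and a small check confirms .gitignore excludes .env. The variable names GEMINI_API_KEY and OPENWEATHERMAP_API_KEY are assumptions; the issue does not name them.

```python
import os

# Assumed variable names; the issue does not specify them.
REQUIRED_VARS = ("GEMINI_API_KEY", "OPENWEATHERMAP_API_KEY")


def load_config(environ=None):
    """Read every required secret from the environment (os.environ by default).

    Fails fast with one message naming all missing variables, so a deployment
    with an incomplete .env never starts with a None key and fails later.
    """
    env = os.environ if environ is None else environ
    config, missing = {}, []
    for name in REQUIRED_VARS:
        value = env.get(name)  # same call the issue asks for: os.environ.get()
        if value:
            config[name] = value
        else:
            missing.append(name)
    if missing:
        raise RuntimeError(
            "Missing required environment variables: " + ", ".join(missing)
            + ". Copy .env.example to .env and fill in the values."
        )
    return config


def render_env_example():
    """Content for .env.example: variable names only, no values."""
    return "".join(f"{name}=\n" for name in REQUIRED_VARS)


def gitignore_covers_env(gitignore_text):
    """Simplified check that a .gitignore keeps .env out of version control.

    Only exact-name patterns are considered; negations and globs are ignored.
    """
    patterns = {
        line.strip() for line in gitignore_text.splitlines()
        if line.strip() and not line.lstrip().startswith("#")
    }
    return bool(patterns & {".env", "/.env"})


if __name__ == "__main__":
    # Constructed sample environment standing in for a real .env file.
    sample_env = {"GEMINI_API_KEY": "test-gemini", "OPENWEATHERMAP_API_KEY": "test-owm"}
    print(sorted(load_config(sample_env)))
    print(render_env_example(), end="")
```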
Acceptance Criteria:
- No secret API keys exist in any tracked source code files.
- The application correctly reads its configuration from environment variables.
- The README.md and .gitignore files are updated accordingly.