What is the correct way to handle secrets?

[zmrubin]

Hello! First off, what a cool project! Highlight of my morning finding out about it today :)

I started to dig in , and have not been able to find any documentation about the correct way to manage environment variables / secrets for things like API keys. In the example you just use
openai.api_key = "YOUR_API_KEY"

I can't imagine this is the best way to do it (would expose the keys on the github repo for example)
Does Pynecone have a recommended approach?

[masenf]

As a pynecone user, I deploy to prod with docker compose, so I use environment variables to access secrets.

API_KEY = os.environ["API_KEY"]

Then I set it in a .env file, which compose automatically reads.

There's other ways of course too. I would NOT recommend leaking your api key on github. Even committing it to a private repo is an exposure risk.