Environment Variables & API Keys

These are basically secrets that your code needs to work but you don’t want to write directly into your code. So if you’re connecting to Stripe or OpenAI or whatever service, they give you an API key (effectively a unique password). You don’t want to just put that password in your code because if you push that to GitHub, now everyone can see your password. Bad.

So what you do is create a file called .env, and put your secrets in there. Like:

OPENAI_API_KEY=sk-whatever

And then your code reads from that file instead of having the actual API key written in it. The .env file stays on your machine, you never push it. There’s usually a .gitignore file that tells git, “Hey, don’t ever upload the .env file,” so it stays safe.
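Here is roughly what "your code reads from that file" looks like. This is an added example, not code from any particular project; the function names are made up for illustration, and the .gitignore check is a simplified approximation of git's real pattern rules. It refuses to load keys if git could still upload the .env file.

```python
import fnmatch
import os
from pathlib import Path


def parse_env(text):
    """Parse KEY=VALUE lines; skip blanks and # comments, strip optional quotes."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if key.startswith("export "):
            key = key[len("export "):].strip()
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        values[key] = value
    return values


def is_ignored(gitignore_text, name=".env"):
    """Simplified last-match-wins check of `name` against .gitignore patterns."""
    ignored = False
    for pattern in (p.strip() for p in gitignore_text.splitlines()):
        if pattern.startswith("!"):  # "!.env" would un-ignore the file
            if fnmatch.fnmatch(name, pattern[1:].lstrip("/")):
                ignored = False
        elif fnmatch.fnmatch(name, pattern.lstrip("/")):
            ignored = True
    return ignored


def load_env(project_dir, name=".env"):
    """Load project_dir/name into os.environ, but only if .gitignore covers it."""
    root = Path(project_dir)
    gitignore = root / ".gitignore"
    if not gitignore.exists() or not is_ignored(gitignore.read_text(), name):
        raise RuntimeError(f"{name} is not listed in .gitignore; add it first")
    values = parse_env((root / name).read_text())
    for key, value in values.items():
        os.environ.setdefault(key, value)  # a variable already set in the shell wins
    return values


def require(key):
    """Fetch a required secret; the error names the variable, never its value."""
    value = os.environ.get(key)
    if not value:
        raise RuntimeError(f"missing required environment variable: {key}")
    return value
```

Being listed in .gitignore only stops git from adding the file in the future; if .env was already committed once, it is still in the history and the key should be replaced with a new one.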

Environment variables aren’t just for API keys. You might have different settings for when you’re developing versus when it’s live. Like, your database URL might be different locally than in production. So you’d have different .env files for different environments.

When you’re setting up a new project and it asks you to “add your API keys to .env,” that’s what it means. Create that file, put your keys in there, and the code will pick them up. The coding agent can help you set this up, but it’ll ask you for the actual keys because obviously it doesn’t know your passwords.

Open the file directly and add your API keys — don’t just paste them to the agent (although that’s a common mistake many people make at first).