This commit was merged in pull request #105.
This commit is contained in:
@@ -90,10 +90,10 @@ Set one for a single command:
|
||||
|
||||
```bash
|
||||
# macOS / Linux
|
||||
TASKS_API_KEY="sk-live-..." python sync.py
|
||||
TASKS_API_KEY="sk-live-..." python3 sync.py
|
||||
|
||||
# Windows PowerShell
|
||||
$env:TASKS_API_KEY="sk-live-..."; python sync.py
|
||||
$env:TASKS_API_KEY="sk-live-..."; python3 sync.py
|
||||
```
|
||||
|
||||
Read it back in code, and **fail loudly if it's missing**, because a silent empty string is worse
|
||||
@@ -307,7 +307,7 @@ type the commands by hand. Then you'll make it select config per environment.
|
||||
|
||||
```bash
|
||||
cd ~/ai-workflow-course/tasks-app
|
||||
python sync.py
|
||||
python3 sync.py
|
||||
```
|
||||
|
||||
It prints a simulated request, including `Authorization: Bearer sk-live-...`. Open `sync.py` and
|
||||
@@ -407,7 +407,7 @@ type the commands by hand. Then you'll make it select config per environment.
|
||||
5. Run it reading from your `.env`:
|
||||
|
||||
```bash
|
||||
python sync.py # loads .env -> dev URL, key from the file
|
||||
python3 sync.py # loads .env -> dev URL, key from the file
|
||||
```
|
||||
|
||||
6. Now prove the 12-factor point: **same code, different environment, no edit.** Override at the
|
||||
@@ -415,13 +415,13 @@ type the commands by hand. Then you'll make it select config per environment.
|
||||
|
||||
```bash
|
||||
# macOS / Linux
|
||||
APP_ENV=staging python sync.py
|
||||
APP_ENV=prod TASKS_API_KEY="sk-live-prod-key" python sync.py
|
||||
APP_ENV=staging python3 sync.py
|
||||
APP_ENV=prod TASKS_API_KEY="sk-live-prod-key" python3 sync.py
|
||||
```
|
||||
|
||||
```powershell
|
||||
# Windows PowerShell
|
||||
$env:APP_ENV="staging"; python sync.py
|
||||
$env:APP_ENV="staging"; python3 sync.py
|
||||
```
|
||||
|
||||
Watch the backend URL change with `APP_ENV` while the source never does. That's config in the
|
||||
@@ -483,7 +483,7 @@ left behind a `.env.example` so the next person (or agent) knows what to supply.
|
||||
- `sync.py` runs entirely from the environment, and `grep "sk-live" sync.py` prints nothing.
|
||||
- A real `.env` exists, contains your secret, and does **not** appear in `git status`, while
|
||||
`.env.example` is tracked.
|
||||
- `APP_ENV=staging python sync.py` and the default run hit different backend URLs with **zero**
|
||||
- `APP_ENV=staging python3 sync.py` and the default run hit different backend URLs with **zero**
|
||||
source edits between them.
|
||||
- You can state, in one sentence, why deleting a committed secret and re-committing does not fix the
|
||||
leak, and what the actual fix is (rotation).
|
||||
|
||||
@@ -11,7 +11,7 @@ Your job in the lab is to refactor BOTH out of the source and into the environme
|
||||
ahead and fix it yet; first run it as-is so you can see the smell.
|
||||
|
||||
Run it:
|
||||
python sync.py
|
||||
python3 sync.py
|
||||
|
||||
It does not actually hit the network (so the lab works offline, on any OS); it simulates the
|
||||
request and prints what it *would* send.
|
||||
|
||||
Reference in New Issue
Block a user