Skip to main content

33. Secure Storage and Key Management

Keep encryption keys separate from data and manage secrets with environment variables or vaults.

Example

from cryptography.fernet import Fernet
import os

key = os.getenv("APP_KEY") or Fernet.generate_key()
f = Fernet(key)
token = f.encrypt(b"Confidential message")
print("Encrypted:", token)
print("Decrypted:", f.decrypt(token))

Lesson: Use a managed secret (Vault, AWS KMS, env vars) — never hardcode encryption keys.