Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update guidance to manage tokens in environment, rather than plaintext #2255

Closed
pandasa123 opened this issue Nov 7, 2024 · 1 comment · Fixed by #2322
Closed

Update guidance to manage tokens in environment, rather than plaintext #2255

pandasa123 opened this issue Nov 7, 2024 · 1 comment · Fixed by #2322
Assignees
Labels
content request request for new content to be added content 📄
Milestone

Comments

@pandasa123
Copy link
Collaborator

pandasa123 commented Nov 7, 2024

URL, if applicable

Describe the new content you are requesting.

What needs to updates?

Currently, we state the following:

Account credentials are saved in plain text, so only do so if you are using a trusted device.

This issue has two parts:

  1. We should update the setup instructions
  2. Places where we state the above warning, we should add a link for users to learn how securely manage their token
  3. Update places where <YOUR_IQP_API_TOKEN> is stated to os.getenv("IQP_API_TOKEN")

Content

To store sensitive information like account credentials more securely, it’s a good practice to use environment variables instead of saving them in plain text. Here’s how you can modify your code to load the API token from an environment variable.

  1. Set the environment variable:

Set the IQP_API_TOKEN environment variable in your system. You can do this by adding the following line to your shell profile (e.g., .bashrc, .zshrc) or by setting it directly in your terminal:

export IQP_API_TOKEN="<YOUR_IQP_API_TOKEN>"
  1. Modify the Code to Retrieve the Token from the Environment Variable

Update your code to retrieve the token from the environment variable instead of saving it directly:

import os
from qiskit_ibm_catalog import QiskitFunctionsCatalog

# Gather the token from your environment
iqp_api_token = os.getenv("IQP_API_TOKEN")

QiskitFunctionsCatalog.save_account(token=iqp_api_token)

If this new content request is accepted, do you want to write the content?

I can help the team by providing enough information to write the material

@pandasa123 pandasa123 added content request request for new content to be added content 📄 needs triage 🤔 this issue needs to be prioritized by the docs team labels Nov 7, 2024
@pandasa123 pandasa123 changed the title Update guidance to securely store tokens Update guidance to manage tokens in environment, rather than plaintext Nov 7, 2024
@javabster javabster removed the needs triage 🤔 this issue needs to be prioritized by the docs team label Nov 7, 2024
@javabster
Copy link
Collaborator

if possible would be good to put this inside a twisty to save some space in an already long page

@javabster javabster added this to the Nov 13 milestone Nov 11, 2024
@abbycross abbycross moved this to In Progress in Docs Planning Nov 15, 2024
github-merge-queue bot pushed a commit that referenced this issue Nov 27, 2024
Closes #2255

---------

Co-authored-by: Eric Arellano <[email protected]>
Co-authored-by: Rebecca Dimock <[email protected]>
Co-authored-by: Frank Harkins <[email protected]>
Co-authored-by: Jessie Yu <[email protected]>
@github-project-automation github-project-automation bot moved this from In Progress to Done in Docs Planning Nov 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
content request request for new content to be added content 📄
Projects
Status: Done
Development

Successfully merging a pull request may close this issue.

5 participants