Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update guidance to manage tokens in environment, rather than plaintext #2255

Open
pandasa123 opened this issue Nov 7, 2024 · 1 comment · May be fixed by #2322
Open

Update guidance to manage tokens in environment, rather than plaintext #2255

pandasa123 opened this issue Nov 7, 2024 · 1 comment · May be fixed by #2322
Assignees
@abbycross @beckykd
Labels
content request request for new content to be added content 📄
Milestone
Nov 13

Comments

@pandasa123
Copy link
Collaborator

pandasa123 commented Nov 7, 2024
edited
Loading

URL, if applicable

Describe the new content you are requesting.

What needs to updates?

Currently, we state the following:

Account credentials are saved in plain text, so only do so if you are using a trusted device.

This issue has two parts:

  1. We should update the setup instructions
  2. Places where we state the above warning, we should add a link for users to learn how securely manage their token
  3. Update places where <YOUR_IQP_API_TOKEN> is stated to os.getenv("IQP_API_TOKEN")

Content

To store sensitive information like account credentials more securely, it’s a good practice to use environment variables instead of saving them in plain text. Here’s how you can modify your code to load the API token from an environment variable.

  1. Set the environment variable:

Set the IQP_API_TOKEN environment variable in your system. You can do this by adding the following line to your shell profile (e.g., .bashrc, .zshrc) or by setting it directly in your terminal:

export IQP_API_TOKEN="<YOUR_IQP_API_TOKEN>"
  1. Modify the Code to Retrieve the Token from the Environment Variable

Update your code to retrieve the token from the environment variable instead of saving it directly:

import os
from qiskit_ibm_catalog import QiskitFunctionsCatalog

# Gather the token from your environment
iqp_api_token = os.getenv("IQP_API_TOKEN")

QiskitFunctionsCatalog.save_account(token=iqp_api_token)

If this new content request is accepted, do you want to write the content?

I can help the team by providing enough information to write the material
@pandasa123 pandasa123 added content request request for new content to be added content 📄 needs triage 🤔 this issue needs to be prioritized by the docs team labels Nov 7, 2024
@pandasa123 pandasa123 changed the title Update guidance to securely store tokens Update guidance to manage tokens in environment, rather than plaintext Nov 7, 2024
@javabster javabster removed the needs triage 🤔 this issue needs to be prioritized by the docs team label Nov 7, 2024
@javabster
Copy link
Collaborator

if possible would be good to put this inside a twisty to save some space in an already long page

@javabster javabster added this to the Nov 13 milestone Nov 11, 2024
@abbycross abbycross linked a pull request Nov 14, 2024 that will close this issue
Open
@abbycross abbycross moved this to In Progress in Docs Planning Nov 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@abbycross abbycross

@beckykd beckykd

Labels
content request request for new content to be added content 📄
Projects
Docs Planning
Status: In Progress
Milestone
Nov 13
Development

Successfully merging a pull request may close this issue.

Add instructions to securely manage token Qiskit/documentation
5 participants
@pandasa123 @javabster @abbycross @kaelynj @beckykd