Error installing requirements with no explanation

Sorry Randy,

After reading this email again, I realized you answered the question I proposed, and it appears to be
“The Ultimate Question”.

Thanks again.

This topic is Closed, lol

Ok Randy,

Now that I the function with either a .info or a .file (method?)
Can I use the st.secrets to place the path of the. json file instead of having to populate all of the keys to the .toml format.

It would be a lot cleaner from download to function.

Your thoughts ?

Correction,

Ok Randy,

Now that I understand the function is with either a .info or a .file (method?)
Can I use the st.secrets to place the path of the .json file instead of having to populate all of the keys to the .toml format.

It would be a lot cleaner from download to function.

Your thoughts ?

No. The important distinction here is that the only way to have a file available is to commit it to the GitHub repo, but this makes your private keys available to the world.

So by placing them in the Streamlit Cloud secrets, we’re providing that information to the container that launches your app, allowing the Streamlit app to have the credentials locally but NOT have them published on GitHub.

Ok,

So the .Streamlit folder can only be a localhost folder, not a Github folder ?

Regards

You could make .streamlit or any other folder available on GitHub, but that defeats the point of the API keys being secret.

On your local computer, it’s yours, so unless someone has access to your computer they can’t see the keys. For GitHub, you’re intentionally sharing the code publicly (to use the Community tier of Streamlit Cloud)

OK,

Thanks for all your help with this. It’s been a exciting learning curve.
I was thinking that even on GitHub the .Streamlit folder was not visible from a recent upload of the folder experience. I thought it prompted me from GitHub that this folder was invisible.
I must be mistaken and will check this out again. If it is invisible to the public, wouldn’t this idea of using the secret file pointing to this folder be a possible solution?

I could be wrong, but that’s what I recall.

Regards,

Davis Rogers M.S.M.E.

Class A BLD

SolidBuildersInc@aol.com

Missed this detail. So even though to me it is invisible, on the public site it’s visible ? Ok

Hey Randy,

Not sure if this is a feasable idea, but I jist came across it and thougjt I would share. I would like your thougjts on using this approach.

[https://github.blog/2020-04-14-github-is-now-free-for-teams/](https://github.blog/2020-04-14-github-is-now-free-for-teams/)

Regards,

Yes, private repos helps, but isn’t the solution. The Streamlit Cloud community tier currently only allows deploying from public repos. So having a private repo would keep your keys from being public…but you can’t deploy on the free tier :slight_smile:

But in general, you generally don’t want to copy credentials into the source code, even if it’s private. It’s better to have the credentials be injected into the app from a secure location.

Best,
Randy

Thanks Randy,

Appreciate your patience with me on this.
Now I can code with a clear objective and not Troubleshoot myself to no end, lol.

Regards,

1 Like

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.