Discussion

To ensure security of the data, all services are password or API key protected, making it impossible to access the transiting data without knowing the logins. The python script searches for the secrets in the environment variable so that they are not saved in the source code. Thanks to the python-dotenv library, the variables from the .env file are added to the environment variable giving two ways of providing secrets in production or development. The .env file is present in the .gitignore so it’s not committed to version control software and the file .env.example file can be renamed and filled in to configure secrets. This means that the only way to access these secrets is through physical access to the Raspberry Pi as the SD card can easily be read by a computer to access data inside.

MANGODB_USERNAME=
MANGODB_PASSWORD=
THINGSPEAK_API_KEY=
MQTT_BROKER_URL=
MQTT_BROKER_PORT=
MQTT_USERNAME=
MQTT_PASSWORD=
FAKE_SENSORS=False