Tutorials

Securing CaptchaAI Credentials in Environment Variables

Python Automation reCAPTCHA v2 Security & Compliance
By Irina
Published at Feb 12, 2026
Securing CaptchaAI Credentials in Environment Variables
Featured image unavailable

Hardcoding API keys in source code means anyone with repository access — or anyone who finds your code on a public repo — has your key. Environment variables keep credentials out of code, version control, and logs.

.env file (local development)

Create a .env file in your project root:

CAPTCHAAI_API_KEY=your_actual_api_key_here

Add it to .gitignore immediately:

# .gitignore
.env
.env.local
.env.production

Python (python-dotenv)

pip install python-dotenv

import os
from dotenv import load_dotenv

load_dotenv()

API_KEY = os.environ["CAPTCHAAI_API_KEY"]

# Use in API calls
import requests
resp = requests.post("https://ocr.captchaai.com/in.php", data={
    "key": API_KEY,
    "method": "userrecaptcha",
    "googlekey": "6Le-SITEKEY",
    "pageurl": "https://example.com",
    "json": "1",
})
print(resp.json())

JavaScript (dotenv)

npm install dotenv

require('dotenv').config();

const API_KEY = process.env.CAPTCHAAI_API_KEY;

if (!API_KEY) {
  console.error('CAPTCHAAI_API_KEY not set');
  process.exit(1);
}

// Use in API calls
const axios = require('axios');
const resp = await axios.post('https://ocr.captchaai.com/in.php', null, {
  params: {
    key: API_KEY,
    method: 'userrecaptcha',
    googlekey: '6Le-SITEKEY',
    pageurl: 'https://example.com',
    json: 1,
  },
});
console.log(resp.data);

System environment variables

Set variables at the OS level instead of using .env files:

Linux / macOS

export CAPTCHAAI_API_KEY="your_actual_api_key_here"

# Persist across sessions — add to ~/.bashrc or ~/.zshrc
echo 'export CAPTCHAAI_API_KEY="your_actual_api_key_here"' >> ~/.bashrc

Windows (PowerShell)

$env:CAPTCHAAI_API_KEY = "your_actual_api_key_here"

# Persist permanently
[System.Environment]::SetEnvironmentVariable("CAPTCHAAI_API_KEY", "your_actual_api_key_here", "User")

Docker

Environment variable in docker run

docker run -e CAPTCHAAI_API_KEY="your_key" my-scraper

Docker Compose

# docker-compose.yml
services:
  scraper:
    image: my-scraper
    environment:

      - CAPTCHAAI_API_KEY=${CAPTCHAAI_API_KEY}

The ${CAPTCHAAI_API_KEY} references the host's environment variable — the key never appears in the compose file.

Docker secrets (Swarm)

echo "your_actual_api_key_here" | docker secret create captchaai_key -

# docker-compose.yml (Swarm mode)
services:
  scraper:
    image: my-scraper
    secrets:

      - captchaai_key
secrets:
  captchaai_key:
    external: true

Read in code:

with open("/run/secrets/captchaai_key") as f:
    API_KEY = f.read().strip()

CI/CD pipelines

GitHub Actions

# .github/workflows/scrape.yml
jobs:
  scrape:
    runs-on: ubuntu-latest
    steps:

      - uses: actions/checkout@v4
      - run: python scraper.py
        env:
          CAPTCHAAI_API_KEY: ${{ secrets.CAPTCHAAI_API_KEY }}

Add the secret in Settings → Secrets and variables → Actions → New repository secret.

GitLab CI

# .gitlab-ci.yml
scrape:
  script:

    - python scraper.py
  variables:
    CAPTCHAAI_API_KEY: $CAPTCHAAI_API_KEY

Add the variable in Settings → CI/CD → Variables with the "Masked" option enabled.

Validation at startup

Always validate that the key exists and works before running your pipeline:

import os
import sys
import requests

API_KEY = os.environ.get("CAPTCHAAI_API_KEY")
if not API_KEY:
    print("ERROR: CAPTCHAAI_API_KEY environment variable not set")
    sys.exit(1)

# Verify key works
resp = requests.get("https://ocr.captchaai.com/res.php", params={
    "key": API_KEY, "action": "getbalance", "json": "1"
}).json()

if resp["status"] != 1:
    print(f"ERROR: Invalid API key — {resp['request']}")
    sys.exit(1)

print(f"API key valid — balance: ${float(resp['request']):.2f}")

Common mistakes

Mistake Risk Fix
Committing .env to Git Key exposed in repo history Add .env to .gitignore before first commit
Printing API key in logs Key visible in log aggregators Never log full keys — mask or omit them
Hardcoding in Dockerfile Key baked into image layers Use ENV at runtime, not in build stages
Sharing keys via chat/email Key intercepted or leaked Use a secrets manager or share via secure channel

FAQ

Should I encrypt the .env file?

For local development, .gitignore is sufficient. For production, use a cloud secret manager (AWS Secrets Manager, Google Secret Manager, Azure Key Vault) instead of .env files.

What if my key is already committed to Git?

Rotate the key immediately in your CaptchaAI dashboard. The old key in Git history remains accessible even after deleting the file.

Can I use multiple keys in one .env file?

Yes. Use comma-separated values or numbered keys:

CAPTCHAAI_KEYS=key1,key2,key3

keys = os.environ["CAPTCHAAI_KEYS"].split(",")

Secure your CaptchaAI integration from day one

Get your API key at captchaai.com.

Discussions (0)

No comments yet.

Related Posts

Reference CAPTCHA Token Injection Methods Reference
Complete reference for injecting solved CAPTCHA tokens into web pages.

CAPTCHA Token Injection Methods Reference

Complete reference for injecting solved CAPTCHA tokens into web pages. Covers re CAPTCHA, Turnstile, and Cloud...

Python Automation Cloudflare Turnstile
Apr 08, 2026
Explainers reCAPTCHA v2 Invisible: Trigger Detection and Solving
Detect and solve re CAPTCHA v 2 Invisible challenges with Captcha AI — identify triggers, extract parameters, and handle auto-invoked CAPTCHAs.

reCAPTCHA v2 Invisible: Trigger Detection and Solving

Detect and solve re CAPTCHA v 2 Invisible challenges with Captcha AI — identify triggers, extract parameters,...

Python Automation reCAPTCHA v2
Apr 07, 2026
Tutorials Pytest Fixtures for CaptchaAI API Testing
Build reusable pytest fixtures to test CAPTCHA-solving workflows with Captcha AI.

Pytest Fixtures for CaptchaAI API Testing

Build reusable pytest fixtures to test CAPTCHA-solving workflows with Captcha AI. Covers mocking, live integra...

Python Automation Cloudflare Turnstile
Apr 08, 2026
API Tutorials How to Solve reCAPTCHA v2 Enterprise with Python
Solve re CAPTCHA v 2 Enterprise using Python and Captcha AI API.

How to Solve reCAPTCHA v2 Enterprise with Python

Solve re CAPTCHA v 2 Enterprise using Python and Captcha AI API. Complete guide with sitekey extraction, task...

Python Automation reCAPTCHA v2
Apr 08, 2026
Troubleshooting ERROR_PAGEURL: URL Mismatch Troubleshooting Guide
Fix ERROR_PAGEURL when using Captcha AI.

ERROR_PAGEURL: URL Mismatch Troubleshooting Guide

Fix ERROR_PAGEURL when using Captcha AI. Diagnose URL mismatch issues, handle redirects, SPAs, and dynamic URL...

Python Automation Cloudflare Turnstile
Mar 23, 2026
Troubleshooting Handling reCAPTCHA v2 and Cloudflare Turnstile on the Same Site
Solve both re CAPTCHA v 2 and Cloudflare Turnstile on sites that use multiple CAPTCHA providers — detect which type appears, solve each correctly, and handle pr...

Handling reCAPTCHA v2 and Cloudflare Turnstile on the Same Site

Solve both re CAPTCHA v 2 and Cloudflare Turnstile on sites that use multiple CAPTCHA providers — detect which...

Python Automation Cloudflare Turnstile
Mar 23, 2026
Tutorials CAPTCHA Solving Fallback Chains
Implement fallback chains for CAPTCHA solving with Captcha AI.

CAPTCHA Solving Fallback Chains

Implement fallback chains for CAPTCHA solving with Captcha AI. Cascade through solver methods, proxy pools, an...

Python Automation Cloudflare Turnstile
Apr 06, 2026
Use Cases Multi-Step Workflow Automation with CaptchaAI
Manage workflows across multiple accounts on CAPTCHA-protected platforms — , action, and data collection at scale.

Multi-Step Workflow Automation with CaptchaAI

Manage workflows across multiple accounts on CAPTCHA-protected platforms — , action, and data collection at sc...

Python Automation Cloudflare Turnstile
Apr 06, 2026
Comparisons CaptchaAI Webhooks vs Polling: Which Retrieval Method to Use
Compare polling and webhook (pingback) approaches for retrieving Captcha AI results.

CaptchaAI Webhooks vs Polling: Which Retrieval Method to Use

Compare polling and webhook (pingback) approaches for retrieving Captcha AI results. Covers latency, complexit...

Python Automation reCAPTCHA v2
Feb 23, 2026
Tutorials CaptchaAI Webhook Security: Validating Callback Signatures
Secure your Captcha AI callback/pingback endpoints — validate request origins, implement HMAC signatures, and protect against replay attacks.

CaptchaAI Webhook Security: Validating Callback Signatures

Secure your Captcha AI callback/pingback endpoints — validate request origins, implement HMAC signatures, and...

Python Automation All CAPTCHA Types
Feb 15, 2026
Tutorials Handling Multiple CAPTCHAs on a Single Page
how to detect and solve multiple CAPTCHAs on a single web page using Captcha AI.

Handling Multiple CAPTCHAs on a Single Page

Learn how to detect and solve multiple CAPTCHAs on a single web page using Captcha AI. Covers multi-iframe ext...

Python Cloudflare Turnstile reCAPTCHA v2
Apr 09, 2026
Tutorials Streaming Batch Results: Processing CAPTCHA Solutions as They Arrive
Process CAPTCHA solutions the moment they arrive instead of waiting for tasks to complete — use async generators, event emitters, and callback patterns for stre...

Streaming Batch Results: Processing CAPTCHA Solutions as They Arrive

Process CAPTCHA solutions the moment they arrive instead of waiting for all tasks to complete — use async gene...

Python Automation All CAPTCHA Types
Apr 07, 2026