云 API 密钥安全方案推荐

import os
from tencentcloud.common import credential
from tencentcloud.common.exception.tencent_cloud_sdk_exception import TencentCloudSDKException
from tencentcloud.cvm.v20170312 import cvm_client, models

try:
    # 硬编码密钥到代码中有可能随代码泄露而暴露，有安全隐患，不推荐
    # 为保护密钥安全，建议将密钥设置在环境变量中
    # cred = credential.Credential("secretId", "secretKey")
    cred = credential.Credential(
        os.environ.get("TENCENTCLOUD_SECRET_ID"),
        os.environ.get("TENCENTCLOUD_SECRET_KEY"))
    client = cvm_client.CvmClient(cred, "ap-shanghai")

    req = models.DescribeInstancesRequest()
    resp = client.DescribeInstances(req)

    print(resp.to_json_string())
except TencentCloudSDKException as err:
    print(err)

# 换取临时秘钥的 SDK 示例
import json
import os
from tencentcloud.common import credential
from tencentcloud.common.profile.client_profile import ClientProfile
from tencentcloud.common.profile.http_profile import HttpProfile
from tencentcloud.common.exception.tencent_cloud_sdk_exception import TencentCloudSDKException
from tencentcloud.sts.v20180813 import sts_client, models

try:
# 实例化一个认证对象，入参需要传入腾讯云账户的secretId和secretKey，为了保护密钥安全，建议结合方案一，将密钥设置在环境变量中
    cred = credential.Credential(
    os.environ.get("TENCENTCLOUD_SECRET_ID"),
    os.environ.get("TENCENTCLOUD_SECRET_KEY"))
    httpProfile = HttpProfile()
    httpProfile.endpoint = "sts.tencentcloudapi.com"
    clientProfile = ClientProfile()
    clientProfile.httpProfile = httpProfile
    client = sts_client.StsClient(cred, "", clientProfile)
    req = models.GetFederationTokenRequest()
    params = {
    }
    req.from_json_string(json.dumps(params))
    resp = client.GetFederationToken(req)
    print(resp.to_json_string())
except TencentCloudSDKException as err:
    print(err)