hibranwar
Course → Module 4: The Workspace
Session 7 of 7

Environment Setup: API Keys, .env Files, and Folder Structure

Session 4.7 · ~5 min read

Setting Up Once, Correctly

Environment setup is the unglamorous foundation that makes everything else work. It involves installing Python, configuring API keys, managing dependencies, and ensuring your project can run on any machine (or the same machine after an update). Do this once, do it correctly, and you never think about it again. Do it carelessly, and every subsequent session includes ten minutes of debugging environment issues.

Environment setup is infrastructure. Like plumbing in a building, nobody notices it when it works. Everyone notices when it does not. Spend the time now. Your future self will not have to troubleshoot at 11 PM when a deadline is looming.

Step 1: Python Installation

Python is the language your scripts run on. Most AI API libraries are Python-first, which means the best documentation, the most examples, and the fastest support all assume Python. If Python is already installed, verify the version: python --version. You need Python 3.9 or higher. If it is not installed, download it from python.org.

During installation on Windows, check the box that says "Add Python to PATH." This single checkbox prevents the most common installation problem: the terminal not finding Python when you type the command.

Step 2: Virtual Environments

A virtual environment is an isolated copy of Python for your project. Packages you install in one project do not affect other projects. This prevents the "it worked yesterday" problem where updating a package for Project A breaks Project B.

Command What It Does
python -m venv .venv Creates a virtual environment in a .venv folder
source .venv/bin/activate (Mac/Linux) Activates the virtual environment
.venv\Scripts\activate (Windows) Activates the virtual environment on Windows
pip install anthropic Installs a package inside the virtual environment
pip freeze > requirements.txt Saves all installed packages to a file
deactivate Exits the virtual environment

When the virtual environment is active, your terminal prompt changes (usually showing (.venv) at the beginning). All pip install commands now install into this project only.

Step 3: The .env File

API keys are passwords. They grant access to paid services. They must never appear in your code, never be committed to Git, and never be shared. The standard solution is a .env file: a plain text file in your project root that stores key-value pairs.

graph LR ENV[".env file
ANTHROPIC_API_KEY=sk-ant-..."] --> SCRIPT["generate.py
reads key from .env"] SCRIPT --> API["Claude API
authenticated request"] GIT[".gitignore
contains: .env"] -.->|blocks| ENV style ENV fill:#222221,stroke:#c47a5a,color:#ede9e3 style SCRIPT fill:#222221,stroke:#6b8f71,color:#ede9e3 style API fill:#222221,stroke:#c8a882,color:#ede9e3 style GIT fill:#222221,stroke:#8a8478,color:#ede9e3

Your .env file looks like this:

ANTHROPIC_API_KEY=sk-ant-your-key-here
OPENAI_API_KEY=sk-your-key-here
TAVILY_API_KEY=tvly-your-key-here

Your script reads these keys using the python-dotenv package: pip install python-dotenv. The script loads the file, reads the key, and uses it for authentication. The key never appears in your code.

Step 4: The .gitignore File

Immediately after creating your .env file, add it to .gitignore. This prevents Git from ever tracking or committing your API keys. This is not optional. Leaked API keys result in unauthorized charges on your account.

# Credentials
.env
.env.local

# Python
__pycache__/
*.pyc
.venv/

# OS files
.DS_Store
Thumbs.db

# Raw outputs (disposable)
outputs/raw/

Step 5: Requirements File

The requirements.txt file lists every Python package your project needs. When you set up the project on a new machine (or share it with a collaborator), one command installs everything: pip install -r requirements.txt.

A typical requirements file for AI content production:

anthropic>=0.25.0
openai>=1.30.0
python-dotenv>=1.0.0
tavily-python>=0.3.0

The Complete Setup Checklist

graph TD A["Install Python 3.9+"] --> B["Create project folder"] B --> C["Create virtual environment"] C --> D["Activate virtual environment"] D --> E["Install packages"] E --> F["Create .env with API keys"] F --> G["Create .gitignore"] G --> H["Initialize Git repository"] H --> I["First commit"] I --> J["Run test script"] J --> K{"Everything works?"} K -->|Yes| L["Environment ready"] K -->|No| M["Ask AI assistant to debug"] M --> J style A fill:#222221,stroke:#c8a882,color:#ede9e3 style F fill:#222221,stroke:#c47a5a,color:#ede9e3 style L fill:#222221,stroke:#6b8f71,color:#ede9e3

Further Reading

Assignment

Create a .env file in your project root with placeholder API keys. Install the python-dotenv package. Ask your AI coding assistant to create a script that reads an API key from .env and prints "API key loaded successfully" without printing the actual key. Add .env to your .gitignore file. Run the script. Commit the script and .gitignore (not the .env file) to Git. This is security hygiene.