From 5764751c2629879cf0c87a38039af67d19302f79 Mon Sep 17 00:00:00 2001
From: vanshshah10002-prog <vanshshah10002@gmail.com>
Date: Wed, 25 Feb 2026 05:28:44 +0530
Subject: [PATCH] security: remove all hardcoded API keys, use dotenv
 environment variables

---
 01_basic_stock_data.py            |  5 ++++-
 02_ratios_and_models.py           |  5 ++++-
 03_technicals_risk_performance.py |  5 ++++-
 04_economics_and_export.py        |  5 ++++-
 advisor.py                        |  5 ++++-
 app.py                            | 14 ++++++++------
 backtester.py                     |  5 ++++-
 test_intraday.py                  |  5 ++++-
 8 files changed, 36 insertions(+), 13 deletions(-)

diff --git a/01_basic_stock_data.py b/01_basic_stock_data.py
index 283d290..0f021cd 100644
--- a/01_basic_stock_data.py
+++ b/01_basic_stock_data.py
@@ -10,9 +10,12 @@ Run this file:  python 01_basic_stock_data.py
 """
 
 from financetoolkit import Toolkit
+import os
+from dotenv import load_dotenv
+load_dotenv()
 
 # ── 1. Setup ──────────────────────────────────────────────────────────
-API_KEY = "wybWEsp1oB9abHfz3yPpQYwffxaN21B7"
+API_KEY = os.environ.get("FMP_API_KEY", "")
 
 # You can pass one ticker or a list of tickers.
 # start_date limits how far back data goes.
diff --git a/02_ratios_and_models.py b/02_ratios_and_models.py
index 018a521..d15b817 100644
--- a/02_ratios_and_models.py
+++ b/02_ratios_and_models.py
@@ -9,8 +9,11 @@ Run this file:  python 02_ratios_and_models.py
 """
 
 from financetoolkit import Toolkit
+import os
+from dotenv import load_dotenv
+load_dotenv()
 
-API_KEY = "wybWEsp1oB9abHfz3yPpQYwffxaN21B7"
+API_KEY = os.environ.get("FMP_API_KEY", "")
 
 companies = Toolkit(
     tickers=["AAPL", "MSFT", "GOOGL"],
diff --git a/03_technicals_risk_performance.py b/03_technicals_risk_performance.py
index 8e1bb85..7fa9bd1 100644
--- a/03_technicals_risk_performance.py
+++ b/03_technicals_risk_performance.py
@@ -10,8 +10,11 @@ Run this file:  python 03_technicals_risk_performance.py
 """
 
 from financetoolkit import Toolkit
+import os
+from dotenv import load_dotenv
+load_dotenv()
 
-API_KEY = "wybWEsp1oB9abHfz3yPpQYwffxaN21B7"
+API_KEY = os.environ.get("FMP_API_KEY", "")
 
 companies = Toolkit(
     tickers=["AAPL", "MSFT"],
diff --git a/04_economics_and_export.py b/04_economics_and_export.py
index 0384c3a..8cb0cfd 100644
--- a/04_economics_and_export.py
+++ b/04_economics_and_export.py
@@ -9,8 +9,11 @@ Run this file:  python 04_economics_and_export.py
 """
 
 from financetoolkit import Toolkit
+import os
+from dotenv import load_dotenv
+load_dotenv()
 
-API_KEY = "wybWEsp1oB9abHfz3yPpQYwffxaN21B7"
+API_KEY = os.environ.get("FMP_API_KEY", "")
 
 companies = Toolkit(
     tickers=["AAPL"],
diff --git a/advisor.py b/advisor.py
index 8fa5041..76bf141 100644
--- a/advisor.py
+++ b/advisor.py
@@ -5,8 +5,11 @@ Analyzes Technicals + News to suggest Long, Short, or Hedge positions.
 import technical_analyzer
 import news_analyzer
 import sys
+import os
+from dotenv import load_dotenv
+load_dotenv()
 
-API_KEY = "wybWEsp1oB9abHfz3yPpQYwffxaN21B7"
+API_KEY = os.environ.get("FMP_API_KEY", "")
 
 def get_user_input():
     print("\n=== Financial Advisor (Bi-Directional Hedge Edition) ===")
diff --git a/app.py b/app.py
index 403d205..4650bde 100644
--- a/app.py
+++ b/app.py
@@ -13,7 +13,9 @@ import openpyxl
 from io import BytesIO
 from datetime import datetime, timedelta
 from difflib import SequenceMatcher
-import json, traceback, time, math
+import json, traceback, time, math, os
+from dotenv import load_dotenv
+load_dotenv()
 
 app = Flask(__name__)
 
@@ -40,11 +42,11 @@ def safe_jsonify(data, status=200):
     text = text.replace(': -Infinity', ': null').replace(':-Infinity', ':null')
     return Response(text, status=status, mimetype='application/json')
 
-FMP_API_KEY = "wybWEsp1oB9abHfz3yPpQYwffxaN21B7"
-GEMINI_API_KEY = "AIzaSyBX8v2d_UV_Hktcj-AvV7TyR6TD5grn24w"  # fallback
-ALPHA_VANTAGE_KEY = "P0D5N0A8SVC00YUW"
-FINNHUB_KEY = "d6ao9dhr01qqjvbr6m1gd6ao9dhr01qqjvbr6m20"
-FRED_KEY = "010a35b0ca89efdef4234f33c5089d7a"
+FMP_API_KEY = os.environ.get("FMP_API_KEY", "")
+GEMINI_API_KEY = os.environ.get("GEMINI_API_KEY", "")
+ALPHA_VANTAGE_KEY = os.environ.get("ALPHA_VANTAGE_KEY", "")
+FINNHUB_KEY = os.environ.get("FINNHUB_API_KEY", "")
+FRED_KEY = os.environ.get("FRED_API_KEY", "")
 
 # ── AI Backend: Ollama (local) with Gemini fallback ──────
 OLLAMA_URL = "http://localhost:11434"
diff --git a/backtester.py b/backtester.py
index 783fdf7..f623511 100644
--- a/backtester.py
+++ b/backtester.py
@@ -10,9 +10,12 @@ import pandas as pd
 import numpy as np
 from financetoolkit import Toolkit
 import sys
+import os
+from dotenv import load_dotenv
+load_dotenv()
 
 # Constants
-API_KEY = "wybWEsp1oB9abHfz3yPpQYwffxaN21B7"
+API_KEY = os.environ.get("FMP_API_KEY", "")
 TICKERS = ["^NSEBANK", "NVDA", "TSLA"]
 MONTHLY_BUDGET = 300.0
 
diff --git a/test_intraday.py b/test_intraday.py
index 72ddb7e..54e5dbb 100644
--- a/test_intraday.py
+++ b/test_intraday.py
@@ -1,6 +1,9 @@
 from financetoolkit import Toolkit
+import os
+from dotenv import load_dotenv
+load_dotenv()
 
-API_KEY = "wybWEsp1oB9abHfz3yPpQYwffxaN21B7"
+API_KEY = os.environ.get("FMP_API_KEY", "")
 TICKER = "NVDA"
 
 try: