As with https://github.com/veox/python2-krakenex/issues/4, the committing of a sensitive file to source control is less than ideal. Instead, private sensitive information should be kept out of repositories.
Would be better to provide a setup which uses dotenv or something similar and gitignores the local credential file. As it stands you're encouraging users to go with a layout which is less than best practice.
Currently, the examples show load_key('file-in-same-dir.key'). This could be changed to something else (e.g. '/secure-store/kraken.key').
What would using dotenv provide? After all, this approach still needs a .gitignore. The current one has a line for *.key. Perhaps there should be a recommendation to copy this file to the project directory...
In the past I've had setups where the sensitive file is gitignore'd, leaving an example version like kraken.example.key. Then you can put a real version right next to it and be assured it isn't committed.
veox changed the title from "Encouraging sensitive credentials in repo" to "Should not encourage sensitive credentials in repo" on May 25, 2018
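An added example, not part of the thread or of krakenex's own code: a pre-flight check for the path that would be handed to load_key(), reporting a key file that sits inside a git work tree or is readable by group/other. The environment variable name KRAKEN_KEY_FILE and all function names are assumptions made for this sketch; the default path is the one suggested in the thread.

```python
import os
import stat
import tempfile
from pathlib import Path

# Hypothetical variable name (not from the thread or from krakenex).
KEY_PATH_ENV = "KRAKEN_KEY_FILE"


def find_git_root(path):
    """Return the nearest ancestor directory holding a .git entry, else None."""
    start = Path(path).resolve()
    for directory in [start, *start.parents]:
        if (directory / ".git").exists():
            return directory
    return None


def key_file_problems(path):
    """List reasons a credential file should not be used from this location."""
    path = Path(path)
    if not path.is_file():
        return [f"{path}: not a regular file"]
    problems = []
    root = find_git_root(path.parent)
    if root is not None:
        problems.append(f"{path}: inside git work tree {root}")
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"{path}: mode {mode:o} is accessible to group/other")
    return problems


def resolve_key_path(default="/secure-store/kraken.key"):
    """Pick the key path from the environment and refuse unsafe locations."""
    path = os.environ.get(KEY_PATH_ENV, default)
    problems = key_file_problems(path)
    if problems:
        raise RuntimeError("; ".join(problems))
    return path


if __name__ == "__main__":
    # Constructed demo: a fake key file placed inside a fake work tree.
    with tempfile.TemporaryDirectory() as repo:
        Path(repo, ".git").mkdir()
        key = Path(repo, "kraken.key")
        key.write_text("constructed-key\nconstructed-secret\n")
        os.chmod(key, 0o644)
        print(key_file_problems(key))
```

The check is stricter than relying on a `*.key` line in .gitignore: it flags any key file under a work tree, since an ignore rule does not stop `git add -f` or a renamed file from being committed.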