SECURITY: Remove .cdsapirc file and implement environment variable authentication

- Remove sensitive .cdsapirc file from repository
- Update cams_downloader.py to prioritize environment variables
- Add .cdsapirc to .gitignore to prevent future commits
- Update error messages and documentation
- Add instructions for secure credential setup in Hugging Face Spaces

.cdsapirc

@@ -1,2 +0,0 @@
-url: https://ads.atmosphere.copernicus.eu/api
-key: 4492fecf-e164-45ed-9d8e-fc86ca282600

.gitignore

@@ -1,6 +1,11 @@
 .DS_Store
 __pycache__/
 
+# Credentials and sensitive files
+.cdsapirc
+*.env
+.env*
+
 # Any file in these folders should be ignored.
 static/
 plots/

README.md

@@ -33,6 +33,24 @@ A comprehensive web application for visualizing atmospheric composition data fro
 
 This application uses data from the Copernicus Atmosphere Monitoring Service (CAMS), which provides global atmospheric composition forecasts and analyses.
 
-## Note
+## CDS API Configuration
 
-For downloading CAMS data, you'll need to set up CDS API credentials. You can upload your own NetCDF files to explore the visualization features without API access.
+For downloading CAMS data, you need to set up CDS API credentials:
+
+### For Hugging Face Spaces (Recommended):
+1. Create an account at https://cds.climate.copernicus.eu/
+2. Go to your user profile and copy your API credentials
+3. In your Hugging Face Space settings, add these as **Secrets**:
+   - `CDSAPI_URL`: `https://ads.atmosphere.copernicus.eu/api`
+   - `CDSAPI_KEY`: Your API key from the CDS website
+
+### For Local Development:
+You can create a `.cdsapirc` file in your home directory:
+```
+url: https://ads.atmosphere.copernicus.eu/api
+key: your-api-key-here
+```
+
+**Note**: Never commit `.cdsapirc` files to public repositories as they contain sensitive credentials.
+
+You can also upload your own NetCDF files to explore the visualization features without API access.

app.py

@@ -139,7 +139,7 @@ def download_date():
     # --- End of Validation Logic ---
     
     if not downloader.is_client_ready():
-        flash('CDS API not configured. Please check your .cdsapirc file.', 'error')
+        flash('CDS API not configured. Please check your environment variables or .cdsapirc file.', 'error')
         return redirect(url_for('index'))
     
     try:

cams_downloader.py

@@ -29,7 +29,16 @@ class CAMSDownloader:
     def _init_client(self):
         """Initialize CDS API client"""
         try:
-            # Try to read .cdsapirc file from current directory first, then home directory
+            # First, try environment variables (preferred for cloud deployments)
+            cdsapi_url = os.getenv('CDSAPI_URL')
+            cdsapi_key = os.getenv('CDSAPI_KEY')
+            
+            if cdsapi_url and cdsapi_key:
+                self.client = cdsapi.Client(key=cdsapi_key, url=cdsapi_url)
+                print("✅ CDS API client initialized from environment variables")
+                return
+            
+            # Fallback: Try to read .cdsapirc file from current directory first, then home directory
             cdsapirc_path = Path.cwd() / ".cdsapirc"
             if not cdsapirc_path.exists():
                 cdsapirc_path = Path.home() / ".cdsapirc"
@@ -48,23 +57,23 @@ class CAMSDownloader:
                     elif line.startswith('key:'):
                         key = line.split(':', 1)[1].strip()
                 
-                print(url, key)
                 if url and key:
                     self.client = cdsapi.Client(key=key, url=url)
-                    print("✅ CDS API client initialized from .cdsapirc")
+                    print("✅ CDS API client initialized from .cdsapirc file")
+                    return
                 else:
                     raise ValueError("Could not parse URL or key from .cdsapirc file")
-            else:
-                # Try default initialization (will look for environment variables)
-                self.client = cdsapi.Client()
-                print("✅ CDS API client initialized with default settings")
+            
+            # Last resort: Try default initialization
+            self.client = cdsapi.Client()
+            print("✅ CDS API client initialized with default settings")
                 
         except Exception as e:
             print(f"⚠️  Warning: Could not initialize CDS API client: {str(e)}")
             print("Please ensure you have:")
             print("1. Created an account at https://cds.climate.copernicus.eu/")
-            print("2. Created a .cdsapirc file in your home directory with your credentials")
-            print("3. Or set CDSAPI_URL and CDSAPI_KEY environment variables")
+            print("2. Set CDSAPI_URL and CDSAPI_KEY environment variables (recommended for cloud deployments)")
+            print("3. Or created a .cdsapirc file in your home directory with your credentials")
             self.client = None
     
     def is_client_ready(self):

templates/index.html

@@ -147,9 +147,9 @@
                 {% if cds_ready %}✅ CDS API Ready{% else %}❌ CDS API Not Configured{% endif %}
             </span>
             {% if not cds_ready %}
-                <p style="margin: 10px 0 0 0; font-size: 14px; color: #721c24;">
-                    Please create a .cdsapirc file with your CDS credentials to enable data download.
-                </p>
+                                <small class="help-text">
+                    Please configure CDS API credentials via environment variables (CDSAPI_URL and CDSAPI_KEY) to enable data download.
+                </small>
             {% endif %}
         </div>