
Correct way to protect a private API key when versioning a Python application on a public Git repo

I would like to open-source a Python project on GitHub, but it contains an API key that should not be distributed.

I guess there's something better than removing the key each time a "push" is committed to the repo.

Imagine a simplified foomodule.py:

import urllib2
API_KEY = 'XXXXXXXXX'
urllib2.urlopen("http://example.com/foo?id=123%s" % API_KEY ).read()

What I'm thinking is:

  1. Move the API_KEY to a second key.py module and import it in foomodule.py; I would then add key.py to the .gitignore file.

  2. Same as 1. but using ConfigParser

Do you know any good programmatic way to handle this scenario?


Have a versioned template key_template.py:

domain = 'example.com'
API_KEY = ''  # left empty in the template; fill in only in your local key.py

Check it out to your local machine, fill in the sensitive fields (such as API_KEY) and save it as key.py. Ignore key.py in your version-control software. It really doesn't matter if you keep it in Python files or use ConfigParser.

An automatic way might be to auto-merge on update with the existing key.py file.


One way would be to make it an explicit part of the interface. Make it an argument for your object constructors, for example. Or require the client to extend your class and provide a method, returning the key. It sucks when one needs to edit your module before she can use it.
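The two answers above combined, as an added example that is not part of either answer: the key is read from a git-ignored local file with ConfigParser, rejected while it still holds the template placeholder, and passed to the client as a constructor argument. It is written for Python 3; the key.ini file name, the [api] section, the FooClient class and the placeholder set are assumptions made for illustration.

```python
import configparser
import os
import stat
import tempfile

# Assumed placeholder values that mean "template not filled in yet".
PLACEHOLDERS = {"", "XXXXXXXXX", "CHANGEME"}


class KeyConfigError(RuntimeError):
    """Raised when the local key file is missing, unfilled or too widely readable."""


def load_api_key(path, section="api", option="api_key"):
    """Read the key from a local INI file that is listed in .gitignore."""
    if not os.path.isfile(path):
        raise KeyConfigError(f"{path} not found; copy the versioned template and fill it in")
    # On POSIX, refuse a key file that group or other users can access.
    if os.name == "posix" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        raise KeyConfigError(f"{path} is accessible to group/other; chmod 600 it")
    parser = configparser.ConfigParser(interpolation=None)  # keys may contain '%'
    parser.read(path)
    key = parser.get(section, option, fallback="").strip()
    if key in PLACEHOLDERS:
        raise KeyConfigError(f"{option} in {path} is still the template placeholder")
    return key


class FooClient:
    """The key is a constructor argument, so the module itself never embeds one."""

    def __init__(self, api_key):
        if not api_key:
            raise ValueError("api_key is required")
        self._api_key = api_key

    def __repr__(self):
        # Keep the key out of logs and tracebacks.
        return "FooClient(api_key=<redacted>)"


def demo():
    """Write a constructed key file to a temp dir, load it and build a client."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "key.ini")
        with open(path, "w") as fh:
            fh.write("[api]\napi_key = constructed-sample-key-1234\n")
        os.chmod(path, 0o600)
        return repr(FooClient(load_api_key(path)))
```

A .gitignore entry only keeps a key out of future commits; a key that was ever pushed stays in the repository history and should be revoked and reissued.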
