Aug-31-2022, 08:22 AM
(Aug-30-2022, 10:41 PM)mikey6785 Wrote: what is the best way to embed passwords in python scripts?
I am wanting to automate tasks that would typically require credentials.
Not putting them into Code is the best option. If a user uses it, he requires his own credentials. Those credentials could be saved in a file. If it's possible, use Tokens instead of username/password combination, if the API allows it.
Typical example:
import getpass
import json
from pathlib import Path
CREDS = Path.home().joinpath(".config/credentials.txt")
def get_creds(renew=False):
if CREDS.exists() and not renew:
with CREDS.open() as fd:
return json.load(fd)
else:
user = input("Username: ")
token = getpass.getpass("Token: ")
# getpass.getpass hides the characterss you enter
creds = {"user": user, "token": token}
with CREDS.open("w") as fd:
json.dump(creds, fd)
return credsQuote:i would prefer to use keyring and just make it to where I don't have to type in the master passIn the most use cases, developers are using APIs from third-party providers, which have mostly all a good management of Tokens + Access-Rights.
Exposing a password for everything is a bad idea. If you don't put credentials in your code, you can't accidentally upload it to the public. This happened to many devs. Most of them had luck because the "only" lost their Token. Losing the password which is maybe used at other places is a bad scenario. Never put master-keys and/or Username/Password in your Code. Use files instead.
Almost dead, but too lazy to die: https://sourceserver.info
All humans together. We don't need politicians!
All humans together. We don't need politicians!