Jul-29-2020, 06:16 AM
Hi,
I download a bunch of documents on a monthly basis and then mail them out to specific individuals. I wrote a code to automate the process using import os and import sendgrid. To use sendgrid, I have typed in the API Key into the program. My IT team is saying that "it's not a great practice for API credentials to be stored without proper procedure/process for encryption / security". What kind of security do I need and why?
I am an accountant and I don't have the technical background to understand the risks associated with sending emails using sendgrid. Can someone give a risk assessment of my code? I am trying to understand what could go wrong IF THE CODE WORKS. Please see below for the code (modified of course to omit sensitive details).
I download a bunch of documents on a monthly basis and then mail them out to specific individuals. I wrote a code to automate the process using import os and import sendgrid. To use sendgrid, I have typed in the API Key into the program. My IT team is saying that "it's not a great practice for API credentials to be stored without proper procedure/process for encryption / security". What kind of security do I need and why?
I am an accountant and I don't have the technical background to understand the risks associated with sending emails using sendgrid. Can someone give a risk assessment of my code? I am trying to understand what could go wrong IF THE CODE WORKS. Please see below for the code (modified of course to omit sensitive details).
#First we imoprt modules. the base64 is imported to encode the attachments
#datetime is imported so we can calculate the due date
#os module can redirect file path of where the documents (before renaming) are kept.
#SendGrid module is for the emailing
import base64
import datetime
import os
import sendgrid
from sendgrid.helpers.mail import *
#once the modules are imported, create the dictionaries for looking up how to rename files
# to whom the documents will be sent, how to decipher how the statement should be named, etc
#
#the nd {} converts the last 4 digits of the document number to receipient's initials, their First name, and their email address
#the mDict{} converts the long date string in "YYYYMMDD" format by breaking down the month in "Mmm" and year in "YYYY" format
nd = {
'1111':['BB','Bruce','[email protected]'],
'2222':['CK','Clarke','[email protected]'],
'3333':['BA','Berry','[email protected]'],
'4444':['HJ','Hal','[email protected]'],
}
#the change directory focuses the code at a specific folder. the whole program is designed to run on ALL FILES
# within the specified direcotry. this means that if the directory is not changed and left to Downloads or Documents for instance
# the program will try to rename every single file within download folder or documents folder. So, it is crucial to change this directory to
# somewhere that only contains the documents
#notice that the directory path is denoted with double \. this is because a single \ denotes line continuation in python. so
# D O N O T F O R G E T T O change the \ to \\
os.chdir('C:\\Users\\Joker\\Documents\\Python\\importantDocs')
mDict = {
'01':'Jan', '02':'Feb', '03':'Mar',
'04':'Apr', '05':'May', '06':'Jun',
'07':'Jul', '08':'Aug', '09':'Sep',
'10':'Oct', '11':'Nov', '12':'Dec'
}
# simple datetime calculation to add +14 days to today. 14 days is 10 business days + 4 weekend days.
tday = datetime.date.today()
TenBusnDays = datetime.timedelta(days=14)
dueDate = tday + TenBusnDays
# Loop starts.
for f in os.listdir():
fileName, fileExt = (os.path.splitext(f))
Stmt, cardEnd, date = (fileName.split('_'))
rEmail = nd[cardEnd][2]
rName = nd[cardEnd][1]
cardEnd = nd[cardEnd][0]
year = date[0:4]
date = mDict[date[4:6]]
newName = '{} - {} {}{}'.format(cardEnd, date, year, fileExt)
# below is a print statement for testing if the files will be renamed correctly. # out the next line (the os.rename line) when testing.
#print(newName, '--->', rName, '--->', rEmail,'--->','--->',date,'--->',year)
os.rename(f, newName)
#------------------------------------------------------------------------------------------------------------|
# |
# |
# At this point the files have been renamed. the next bit of code pertains to emailing. |
# |
# |
#------------------------------------------------------------------------------------------------------------|
#email body in HTML format. Be careful if passing non-string variables. Python won't concatenate non-string variables. so pass them under str()
email_body="""<p><span style="color: #000080;">Hi """ + rName + """,<br>Here's the super duper important file for """ + date + """ """ + year + """.<br>
Please give this page turner a read by """ + str(dueDate.strftime("%b %d, %Y")) + """. Please send me your comments as soon as possible. If you would like to discuss in person, I am happy to accomodate.<br>
<br>Thank you.</p></span>"""
#email parameters setup: Mail (from, to, subject, content)
#attachment is not an object that can be passed under Mail function. This is done separately below.
from_email = Email("[email protected]")
to_email = To(rEmail)
subject = "Super duper important document for " + date + ' ' + year
content = Content("text/html", email_body)
mail = Mail(from_email, to_email, subject, content)
#encoding and attaching file.
with open(newName, 'rb') as g:
data = g.read()
g.close()
encoded_file = base64.b64encode(data).decode()
#the filetype is not really necessary.
attachedFile = Attachment(
FileContent(encoded_file),
FileName(newName),
FileType('application/pdf'),
Disposition('attachment')
)
mail.attachment = attachedFile
sg = sendgrid.SendGridAPIClient(api_key='blahblahblahblah123412340234randomCharacterSequence')
response = sg.client.mail.send.post(request_body=mail.get())
print(response.status_code, response.body, response.headers)