How to securely store database password in Python?
Well, one way of doing this is putting the passwords in a separate config/ini file that is not deployed with the project. And then, pass the path of this file to the main entry of the application, e.g.:
python main.py --config=/path/to/config.ini
Note that you'll need to parse this --config
argument (see argparse) and then read and parse the config.ini
file.
Update:
Since you mentioned web applications, there is also another way of passing configuration information - through the environ
. For example, if you use mod_wsgi
, you can putt this in the wsgi directives:
SetEnv my_namespace.some_param some_value
And then, this value will be accessible in the application with through os.environ
:
import os
os.environ['my_namespace.some_param']
dotancohen
I currently develop and support the backends of a few LAMP-stack based web applications for BSS (Business Support Services) that my company specializes in. I have experience in software project management, business process development, and I ran a software development business for a short time (actually twice). I have been using PHP since 1998 or '99, and I'm reasonably competent in the associated client-side technologies. I find myself using Python often, mostly for my own personal projects, I'm quite poetic in VIM, and of course Git is a cornerstone of my development. Lately I have been experimenting with machine learning, mostly with scikit-learn.
Updated on June 21, 2022Comments
-
dotancohen almost 2 years
In PHP the accepted way to secure database login credentials is to store them outside the web root, and to
include()
the files with the passwords. How are MySQL database login credentials safely stored in Python applications?-
hakre almost 11 yearsWhat have you found out so far? Looking into PHP applications seems useless if you want to learn about practices in Python in my eyes. And luckily there is a lot of Python code floating around, so what has your research covered up?
-
dotancohen almost 11 yearsI mentioned the PHP best practice as it is an environment that I am familiar with. As for Python, I've found only suggestions to obfuscate the password (base64 or the like), and to ensure that the Python file is not readable by others (0700 permissions). I ask here if there is a better way.
-
northben about 9 yearsI use the keyring library (pypi.python.org/pypi/keyring) and store the actual credentials in the OS's credential storage utility. It's very easy to implement, and it seems quite secure to me.
-
dotancohen about 9 years@northben: Thanks, that does look like a good possibility.
-
-
amanb about 6 yearsAnother possibility is to use configparser to parse contents of a
config.ini file
.