Python store password more securely via POST API request

Question

I have a script that utilizes the request module to create a POST request.

The password is stored in plain text in the script.

I am concerned that this is blatantly insecure, but I am not sure how to make it more secure.

Any suggestions on steps I can take to avoid storing the password in plain text in the script to make the request?

#Set request parameters
url = 'https://apiexample.com/test'
#ISSUE: password is plain text
user = 'api_example'
pwd = 'plaintextnopes'

#Set proper headers
headers = {"Content-Type":"application/json","Accept":"application/json"}

#Build HTTP Request
response = requests.post(url=url, auth=(user, pwd), headers=headers ,data=j)

#Check for HTTP codes other than 200
if response.status_code != 200:
        print('Status:', response.status_code, 'Headers:', response.headers, 'Response Text', response.text, 'Error Response:',response.json())
        exit()

EDIT: The account is the system user that has access to write records to the database, this is static, it will not change.

Answer 1

Assuming this script runs interactively, you could ask the user to type the password on the keyboard by calling input() or raw_input() (depending on what version of Python you're using).

You could store the password in a separate file, which isn't totally secure but does let you share the script without sharing the password.

You could get the base64 encoded value of the username+password and include that in the headers directly, instead of passing them via the auth= parameter. However this only protects the password from a casual snooper; it's easy to reconstruct the username and password from the encoded value.