How to hide personal data in Python script

Question

I need to push Python script to Git repo. Script contains variables with personal data like USER_NAME = "some_name" and USER_PASS = "some_password". This data could be accessible for other users. I want to hide this data.

I found following approach:

• create separate data.py module with USER_NAME = "some_name" and USER_PASS = "some_password"
• import it once to generate compiled version- data.pyc

• change main script source: variables should be accessible like

  import data

  username = data.USER_NAME

  password = data.USER_PASS

• remove data.pyand push data.pyc to repo

This was promising, but actually data in data.pyc appears like ???some_namet???some_passwords??? and still could be recognized as username and password.

So what is the best practices to hide data in Python script?

Answer 1

You should never put sensitive pieces of information inside your code neither store them into a public repository.

It's better to follow Joel Goldstick's suggestion and modify your code to get passwords from private sources, e.g. local environment variables or local modules.

Try googling for "python store sensitive information" to look at some ideas (and involved issues).

Answer 2

Include in git repo code to read those things from environment variables. On the target machine, set those environment variables. This could be done by hand, or with a script that you don't include in your repo. Include instructions in your readme file

Answer 3

Try using an YAML file and not pushing it to your repo, like from here. You can use the python module yaml to read the data.