Reputation: 3
Storing API keys and passwords in web2py
I am creating a web2py application which will pull a bunch of data from different sources. What's the best way to store the API keys and passwords? Appconfig.ini seems to me as a bad option here.
Upvotes: 0
Views: 533
Answers (2)
Reputation: 5256
Thanks so much Himel Das for the initial answer !
In my lib odsclient I ended up implementing a series of alternatives, from the most secure (keyring as you suggested) to the less ones (OS environment variable, git-ignored text file, arg-passed apikey possibly obfusctated with getpass()).
You might wish to have a look for inspiration, see this part of the doc in particular.
Upvotes: 2
Reputation: 1218
You can use the Python keyring lib to more safely store and retrieve an API key into the underlying Operating System's Keyring service. As an optional optimization, you can then store the key in Web2py's cache.ram to avoid having to retrieve API key from the OS for every request.
See https://pypi.python.org/pypi/keyring
Upvotes: 2
Related Questions
- Storing REST API credentials safely for access in a Python environment
- Best Practices Python - Where to store API KEYS/TOKENS
- How to save multiple credentials securely for an API in Python Flask?
- Secure Way to Store Credentials for an API python module
- Restful API with authentication
- How to store API keys in a PyPI project?
- Web2py Authentication for Restful service and also application users
- Storing an api_key, api_pass
- Django best practice for storing access keys
- Storing Configuration details