leon

Reputation: 115

How to use encrypted password in connection string of sqlalchemy?

I'm working with SQLAlchemy and Oracle, but I don't want to store the database password directly in the connection string. How can I store an encrypted password instead?

Upvotes: 3

Views: 6818

Answers (3)

Naved Shaikh

Reputation: 89

You could encode the string, but encoding is not encrypting as Gord Thompson mentioned in the comments. Anyone with a bit of knowledge about base64 can reverse it.

import base64
password = "yourpassword".encode("utf-8")
encoded = base64.b64encode(password)
print(encoded)

Decoding it is a matter of

decoded = base64.decodebytes(encoded).decode('utf-8')
print(decoded)

You can use a hashed password:

  • You can use the generate_password_hash function from werkzeug.security to generate a secure hash of the password.

Code:

from werkzeug.security import generate_password_hash

password = "your_password_here"

# Werkzeug 3.0+ rejects the plain 'sha256' method; 'pbkdf2:sha256' is accepted.
hashed_password = generate_password_hash(password, method='pbkdf2:sha256')

Upvotes: 2

snakecharmerb

Reputation: 55770

Encrypting the password isn't necessarily very useful, since your code will have to contain the means to decrypt it. Usually what you want to do is to store the credentials separately from the codebase, and have the application read them at runtime. For example*:

  • read them from a file
  • read them from command line arguments or environment variables (note there are operating system commands that can retrieve these values from a running process, or they may be logged)
  • use a password-less connection mechanism, for example Unix domain sockets, if available
  • fetch them from a dedicated secrets management system

You may also wish to consider encrypting the connections to the database, so that the password isn't exposed in transit across the network.


* I'm not a security engineer: these examples are not exhaustive and may have other vulnerabilities in addition to those mentioned.

Upvotes: 0
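
As an added example (not part of the answer above or of any project's own code), here is one way to read the password at runtime from a secrets file or an environment variable and build the SQLAlchemy URL from it. The variable names DB_PASSWORD_FILE, DB_PASSWORD, DB_USER, DB_HOST, DB_PORT and DB_SERVICE, and the choice of the cx_oracle driver, are assumptions.

```python
import os
import stat
from pathlib import Path
from urllib.parse import quote


def load_db_password(environ=None):
    """Read the password at runtime: secrets file first, then environment."""
    environ = os.environ if environ is None else environ
    secret_path = environ.get("DB_PASSWORD_FILE")  # assumed variable name
    if secret_path:
        path = Path(secret_path)
        mode = path.stat().st_mode
        # Refuse a secrets file that group or other users can access.
        if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(f"{path}: restrict to owner only (chmod 600)")
        return path.read_text(encoding="utf-8").rstrip("\r\n")
    if environ.get("DB_PASSWORD"):  # assumed variable name
        return environ["DB_PASSWORD"]
    raise RuntimeError("set DB_PASSWORD_FILE or DB_PASSWORD")


def _enc(value):
    # Percent-encode everything reserved ('@', '/', ':', ' ', '+', ...) so a
    # password containing those characters cannot break URL parsing.
    return quote(value, safe="")


def build_oracle_url(user, password, host, port, service_name):
    """Build the SQLAlchemy URL without the password ever living in source."""
    return (f"oracle+cx_oracle://{_enc(user)}:{_enc(password)}"
            f"@{host}:{port}/?service_name={_enc(service_name)}")


def make_engine(environ=None):
    """Create the engine from runtime configuration only."""
    from sqlalchemy import create_engine  # lazy: needs SQLAlchemy and a driver
    environ = os.environ if environ is None else environ
    url = build_oracle_url(
        environ["DB_USER"], load_db_password(environ),
        environ["DB_HOST"], int(environ.get("DB_PORT", "1521")),
        environ["DB_SERVICE"],
    )
    return create_engine(url)
```
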

Shubham Namdeo

Reputation: 1925

I guess you are looking for the PyCrypto module.

You may use your desired encryption and store the encrypted text in the database, and after fetching the data you can decrypt it again.

Here is the example for PyCrypto:

>>> from Crypto.Hash import SHA256
>>> hash = SHA256.new()
>>> hash.update('message')
>>> hash.digest()
'\xabS\n\x13\xe4Y\x14\x98+y\xf9\xb7\xe3\xfb\xa9\x94\xcf\xd1\xf3\xfb"\xf7\x1c\xea\x1a\xfb\xf0+F\x0cm\x1d'

For more, you may refer to this documentation.

Upvotes: 0
