Reputation: 111
Storing sensitive information in the code
I'm currently using the azure-cosmos module in Python to connect to a database on Azure. I want to fetch the data, make a few transformations, and then push it to a new container.
You need the key and client ID to connect to the database, which I've used as variables in my code for now, as follows:
url = 'https://xyz.azure.com:443/'
key ='randomlettersandnumbers=='
client = CosmosClient(url, credential=key)
This seems to be a bad practice intuitively, and especially once I push this to Git, anyone could gain access to my database. So what's the most secure way to do this?
I'm coming from a non-SWE background, so apologies if this question is dumb.
Thanks!
Upvotes: 2
Views: 1232
Answers (1)
Reputation: 354
The way I deal with this kind of problem is by using environment variables
import os
url = os.environ.get("url-endpoint")
key = os.environ.get("api-key")
client = CosmosClient(url, credential=key)
You can set them in your ssh shell like that:
export url-endpoint="https://xyz.azure.com:443/"
export api-key="randomlettersandnumbers=="
Or you can put them in a bash script envs.sh
export url-endpoint="https://xyz.azure.com:443/"
export api-key="randomlettersandnumbers=="
And then you can use source command.
source envs.sh
You have a good article about storing sensitive data using environment variables here
Upvotes: 3
Related Questions
- Storing user data in a Python script
- How to hide username/password in Python codes?
- Best practices to store credentials in your Python script
- How to make data attributes private in python
- How can i store sensitive data in a Django project?
- Secret data/keys in Python script
- How Can I store data so users can't easily tamper with it?
- Storing data in python
- How to safely store sensitive data?
- Storing Application Sensitive Data