On 12/10/2019 6:05 pm, Tumbelo wrote:
Hi,
I need to store some third party server passwords in Django, in
views.py to be more specific. Those are used for Paramiko SFTP
(machine-to-machine communication) and it's not possible to use keys
instead of passwords. For sure I don't like to write those passwords
directly to source code. I have figured out that Python Keyring would
be a good way to store passwords and the following short code works OK:

    import keyring

    try:
        keyring.get_keyring()
        # Store the password in the active backend, then read it back
        keyring.set_password("system", "user", "passWORD")
        pword = keyring.get_password("system", "user")
        print(pword)
    except Exception as e:
        print(e)

I moved the code to Django (views.py):

    from django.http import HttpResponse
    import keyring

    def index(request):
        try:
            keyring.get_keyring()
            keyring.set_password("system", "user", "passWORD")
            pword = keyring.get_password("system", "user")
            return HttpResponse(pword)
        except Exception as e:
            return HttpResponse(e)

Then I asked Django to run the built-in development server by typing: sudo
python manage.py runserver
Finally I browsed to the correct localhost URL. Result: the browser was
showing a dialog requesting me to create (on first try) and then open
(on next tries after I have created it) kdewallet.
Is it possible to use Keyring from Django without the need for user
interaction (= without those dialogs)? In other words: how to
configure Keyring to be used with Django?
I don't know.
But maybe Keyring is overkill?
It is easy to fetch credentials stored on the machine without including
them in your code and therefore excluding them from your repo.
I use that technique for dozens of sets of credentials including
database credentials in settings, Stripe credentials in views etc etc. I
just use a plain text file and read it in. If you wanted to be fancy you
could encrypt on disk and decrypt them when needed. But I don't think
that is necessary. The machine itself has to be compromised before that
technique is insecure. You do need to be careful with machine backups
though if you have sensitive data in files.
There are other options for keeping sensitive data out of code and using
environment vars seems popular.
Mike
Thanks in advance!
--
You received this message because you are subscribed to the Google
Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/85dd1093-6f54-4aea-b8ff-d48e67b54942%40googlegroups.com.
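
Added example (not part of the original thread, and not code from either poster or from Django): one way to do the plain-text-file approach described in the reply above, refusing to load a credentials file that anyone other than its owner can access. The JSON layout keyed by system name, the function name load_credentials and the exception name are assumptions made for this example; it relies on POSIX ownership and mode bits.

```python
import json
import os
import stat
import tempfile


class InsecureCredentialFile(Exception):
    """Raised when the file could be read by accounts other than its owner."""


def load_credentials(path, system):
    """Return (username, password) for `system` from the JSON file at `path`.

    The file is rejected unless it is a regular file owned by the current
    user with no group/other permission bits set (mode 0600 or stricter).
    """
    # O_NOFOLLOW: do not follow a symlink planted at the final path component.
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    with os.fdopen(fd, "r") as handle:
        info = os.fstat(handle.fileno())  # inspect the file actually opened
        if not stat.S_ISREG(info.st_mode):
            raise InsecureCredentialFile("%s is not a regular file" % path)
        if info.st_uid != os.getuid():
            raise InsecureCredentialFile("%s is not owned by this user" % path)
        if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise InsecureCredentialFile("%s is open to group/other" % path)
        entry = json.load(handle)[system]
    return entry["username"], entry["password"]


def demo():
    """Constructed sample: write a credentials file, load it, then loosen it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sftp_credentials.json")
        sample = {"system": {"username": "user", "password": "passWORD"}}
        with open(path, "w") as handle:
            json.dump(sample, handle)
        os.chmod(path, 0o600)
        loaded = load_credentials(path, "system")
        os.chmod(path, 0o644)  # simulate a world-readable file
        try:
            load_credentials(path, "system")
            rejected = False
        except InsecureCredentialFile:
            rejected = True
    return loaded, rejected


if __name__ == "__main__":
    print(demo())
```

In views.py the returned pair would be passed to the Paramiko connection call, with the file kept outside the repository and excluded from or protected in machine backups.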