I'd put them in a file with access to the daemon.. Putting credentials in an environment variable is insecure on Linux, because ps auxwwe lists environment variables.
On Fri, Mar 23, 2018 at 9:37 AM, Malcolm Greene <pyt...@bdurham.com> wrote: > Looking for your suggestions on best practice techniques for managing > secrets used by Python daemon scripts. Use case is Windows scripts > running as NT Services, but interested in Linux options as well. > Here's what we're considering > > 1. Storing secrets in environment vars > 2. Storing secrets in config file only in subfolder with access limited > to daemon account only3. Using a 3rd party vault product > > Thanks > -- > https://mail.python.org/mailman/listinfo/python-list -- https://mail.python.org/mailman/listinfo/python-list