On Tue, Feb 26, 2019 at 2:11 PM Ravindranath Barathy <sharingkapot...@gmail.com> wrote:
>
> I'm trying to create a flask app that can take in a yaml file with the
> following values,
>
> info:
>   url: http://something.com/api
>   username: user1
>   password: secret
>
> This yaml file is then read by the flask app and uses the info to interact
> with the api. Everything works fine in dev but, when I want to put this in
> prod I don't want the username and password to be in clear text. Any
> recommendation where I can use encrypted values in the yaml and decrypt them
> in the server side?
>
> What are also some other ways to achieve this if passing the username and
> password in the yaml is not recommended?

Sounds to me like the API requires the password in clear text, which means that, one way or another, it's going to be clear text. Correct me if I'm wrong on that point.

You CAN avoid having the password in your repository, though. Look into the ways that your production platform can provide environment variables to your app. For instance, Heroku allows you to set config variables, or a self-hosted service run through a systemd script can have Environment= directives. You can then put the password in there, and have it available in os.environ[].

There are still opportunities for leakage, but far fewer than if you have a file in your source repository with the clear text.

ChrisA
--
https://mail.python.org/mailman/listinfo/python-list
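
Added example, not part of the original thread: one way to combine the non-secret YAML values with credentials taken from os.environ, as the reply suggests. The variable names API_USERNAME and API_PASSWORD, the ApiSettings class and the load_api_settings helper are assumptions made for illustration; the function takes the mapping your YAML parser already produced.

```python
import os

# Assumed environment variable names (not from the thread). Set them with
# your platform's config variables or a systemd Environment= directive.
USER_VAR = "API_USERNAME"
PASS_VAR = "API_PASSWORD"


class ConfigError(RuntimeError):
    """Raised when the configuration is unsafe or incomplete."""


class ApiSettings:
    def __init__(self, url, username, password):
        self.url = url
        self.username = username
        self.password = password

    def __repr__(self):
        # Keep the secret out of logs and tracebacks.
        return f"ApiSettings(url={self.url!r}, username={self.username!r}, password='***')"


def load_api_settings(parsed_yaml, environ=os.environ):
    """Merge the YAML 'info' mapping with credentials from the environment."""
    info = dict(parsed_yaml.get("info") or {})
    # Fail closed if credentials are committed to the file again.
    leaked = sorted(k for k in ("username", "password") if k in info)
    if leaked:
        raise ConfigError(f"remove {', '.join(leaked)} from the YAML file")
    if not info.get("url"):
        raise ConfigError("info.url is missing from the YAML file")
    missing = [v for v in (USER_VAR, PASS_VAR) if not environ.get(v)]
    if missing:
        raise ConfigError(f"environment variables not set: {', '.join(missing)}")
    return ApiSettings(info["url"], environ[USER_VAR], environ[PASS_VAR])


if __name__ == "__main__":
    # Constructed sample input mirroring the YAML in the question.
    sample = {"info": {"url": "http://something.com/api"}}
    env = {USER_VAR: "user1", PASS_VAR: "secret"}
    print(load_api_settings(sample, env))
```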