Import from another Python file

One of the easiest and most basic methods is to save the credentials in another Python file, say secrets.py, and import it into the file that needs them. We need to add secrets.py to .gitignore. We can store the credentials in essentially two ways: the first is to use Python variables to hold the values, and the second, preferred way is to use a dictionary. A dictionary is preferred because accessing a non-existent variable raises an error, whereas with a dictionary we can return a default value.

We have saved the following credentials in a dictionary in secrets.py:

Python3

# secrets.py
secrets = {
    'SECRET_KEY': "superSecretkey1234",
    'DATABASE_USER': "testusr",
    'DATABASE_PASSWORD': 'pass1234',
    'DATABASE_PORT': 5432
}


Now import the credentials in the required file, main.py. 

Python3

# main.py
from secrets import secrets

secret_key = secrets.get('SECRET_KEY')

# gives default value if the credential is absent
google_maps_key = secrets.get('gmaps_key',
                              'mapsapikey543')

db_user = secrets.get('DATABASE_USER', 'root')
db_pass = secrets.get('DATABASE_PASSWORD', 'pass')
db_port = secrets.get('DATABASE_PORT', 3306)

print('secret_key :', secret_key)
print('google_maps_key :', google_maps_key)
print('db_user :', db_user)
print('db_pass :', db_pass)

# no need to type cast numbers and booleans
print('db_port :', db_port, type(db_port))



This works, and we don’t need to worry about data type conversion of boolean and integer values (you will understand why this is important in the later methods), but it isn’t the recommended approach because the file name and dictionary name can vary between projects, so it doesn’t form a standard solution. More importantly, this approach is restricted to Python; in a more realistic scenario we could be working with multiple languages that also need access to the same credentials, and storing them in a way that is only accessible to one language isn’t ideal. A better approach is to use environment variables.

How to hide sensitive credentials using Python

Have you ever been in a situation where you are working on a Python project and need to share your code with someone, or you are hosting your code in a public repository, but don’t want to share the sensitive credentials so that they aren’t exploited by a random user?

For example, suppose you are making a web app in Django, which has the concept of a ‘SECRET_KEY’: a randomly generated unique key used for cryptographic signing of data. As the name suggests, it should not be publicly shared, as doing so defeats many of Django’s security protections. Or maybe you are using cloud storage, say AWS S3: you will need to store the access token in the code and also prevent unauthorized users from misusing the credentials. How can we do both? For such cases, we need to avoid hardcoding the ‘key’ (essentially the variables holding our credentials) into our code, and thereby avoid exposing it in our public repository.
