Fix Python – I need to securely store a username and password in Python, what are my options? [closed]

Question

Asked By – Naftuli Kay

I’m writing a small Python script which will periodically pull information from a 3rd party service using a username and password combo. I don’t need to create something that is 100% bulletproof (does 100% even exist?), but I would like to involve a good measure of security so at the very least it would take a long time for someone to break it.

This script won’t have a GUI and will be run periodically by cron, so entering a password each time it’s run to decrypt things won’t really work, and I’ll have to store the username and password in either an encrypted file or encrypted in a SQLite database, which would be preferable as I’ll be using SQLite anyway, and I might need to edit the password at some point. In addition, I’ll probably be wrapping the whole program in an EXE, as it’s exclusively for Windows at this point.

How can I securely store the username and password combo to be used periodically via a cron job?

Now we will see solution for issue: I need to securely store a username and password in Python, what are my options? [closed]


Answer

I recommend a strategy similar to ssh-agent. If you can’t use ssh-agent directly you could implement something like it, so that your password is only kept in RAM. The cron job could have configured credentials to get the actual password from the agent each time it runs, use it once, and de-reference it immediately using the del statement.

The administrator still has to enter the password to start ssh-agent, at boot-time or whatever, but this is a reasonable compromise that avoids having a plain-text password stored anywhere on disk.

This question is answered By – wberry

This answer is collected from stackoverflow and reviewed by FixPython community admins, is licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0