I write a few programs here and there as a hobbyist coder. My language of choice is Python.
I’m starting to write code that does more than just move files around on my own computer, and so I’m interacting with external services and APIs. One example is that I would like to use Twilio to send myself an SMS message when a program has finished executing. Doing this is easy enough if you have an account, but there’s the rub - the Twilio API requires that I include my credentials when I call it. Likewise, I can send myself an email from my Gmail account, but I need to supply credentials with the request.
I’m pretty sure of the following: hard coding passwords and tokens is a Bad Thing, and putting hard coded passwords and tokens on GitHub is A Very Bad Thing. I’m looking for a better way…
Things that might be relevant:
- I use a Mac (and sometimes Ubuntu in a virtual machine).
- I tend to use Venv virtual Python environments, which I manage in PyCharm (my IDE), rather than at the command line. (Thinking about it, I wonder if PyCharm has a tool for credential handling?)
- I’m not much of a sysadmin, but I’ve vaguely heard of environment variables and wondered if they were the way to go.
- I use LastPass as a general-purpose password manager, but I’m not sure if there’s programmatic access to it, or even if that would be a good idea.
I’m hoping there is some “best practice” approach to handling what must be a very common requirement.
My first thought was that you should just use a configuration file that contains the credentials (possibly in some encrypted form). When your main script runs, it reads the file, decrypts the content if needed, then uses it, then ideally discards or overwrites the variables that contained it. If all this will be executing on your own Mac, it’s basically all you need.
This entry on StackOverflow may be overkill in your situation, but the answers give some good suggestions like using a tiny Python script as a configuration file (you just import it instead of reading it), or environment variables, or SSH, etc.
I’m not aware of being able to use an SSL cert for connectivity to Gmail or Twilio for this sort of thing. In both cases, I’m following a tutorial in a textbook, so it may be possible. I didn’t notice it in the Twilio docs, but I’ll take another look. That said, I’m not clear on how I’d set up a cert on my home computer - I’ve always associated them with hosted services.
Yep, used requests for HTTP stuff, although not in these use cases (SMTPlib and twilio libraries).
Sorry, that was a typo (been fighting https connection issues on one of our apps so SSL just came out) - I meant to say SSH certificates (for which putty is my tool of choice).
Thanks for all the input. To provide some closure (I’m sure you’re all on tenterhooks) I have successfully stored my username and password as environment variables in my OS, and I can call them from within my Python scripts. This means that I can check the scripts into GitHub without inadvertently checking in my credentials as well, which was the whole aim.
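The environment-variable approach the thread settles on, as an added example that is not code from any of the posters: a loader that fails closed when a variable is unset and wraps each value so it cannot leak through `print` or a log line. The variable names, the `Secret` wrapper and `load_credentials` are assumptions made for this example.

```python
import os

# Assumed variable names for this example; use whatever names you exported.
REQUIRED = ("TWILIO_ACCOUNT_SID", "TWILIO_AUTH_TOKEN", "GMAIL_USER", "GMAIL_PASSWORD")


class MissingCredentials(RuntimeError):
    """Raised when one or more required variables are unset or empty."""


class Secret:
    """Holds a secret so that printing or logging it never shows the value."""

    def __init__(self, value):
        self._value = value

    def reveal(self):
        # Call this only at the point where the value is handed to the API client.
        return self._value

    def __repr__(self):
        return "Secret(****)"

    __str__ = __repr__


def load_credentials(names=REQUIRED, environ=None):
    """Return {name: Secret} for every name, or raise naming the missing ones."""
    environ = os.environ if environ is None else environ
    missing = [n for n in names if not environ.get(n, "").strip()]
    if missing:
        # Report variable names only, never values, so the error is safe to share.
        raise MissingCredentials("unset or empty: " + ", ".join(missing))
    return {n: Secret(environ[n]) for n in names}


if __name__ == "__main__":
    # Constructed sample environment standing in for os.environ.
    sample = {
        "TWILIO_ACCOUNT_SID": "ACconstructed",
        "TWILIO_AUTH_TOKEN": "tok-constructed",
        "GMAIL_USER": "me@example.com",
        "GMAIL_PASSWORD": "pw-constructed",
    }
    creds = load_credentials(environ=sample)
    print(creds)  # every value is shown masked
    try:
        load_credentials(environ={"GMAIL_USER": "me@example.com"})
    except MissingCredentials as exc:
        print("refusing to run:", exc)
```

In a real script, call `load_credentials()` with no arguments so it reads `os.environ`, and pass `creds[...].reveal()` to the Twilio or SMTP client at the call site.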