[Flask] Database credentials in clear text
David Baumgold
david at davidbaumgold.com
Tue Jul 28 21:28:15 CEST 2015
I believe that what you’re looking for is called a “secret broker”, and I don’t know of any that are implemented in Python. However, you could always use a secret broker implemented in another language, and just call out using the subprocess module. You should take a look at https://vaultproject.io/ and http://square.github.io/keywhiz/.
David Baumgold
From: Matt Shields <matt at mattshields.org>
Reply: Matt Shields <matt at mattshields.org>>
Date: July 28, 2015 at 10:46:59 AM
To: flask at python.org <flask at python.org>>
Subject: [Flask] Database credentials in clear text
So far as I've been developing all my credentials have been contained in a config.py file in clear text. Is there any way to not keep these in clear text or in a file in the application path?
One of our .NET developers mentioned that when they are developing .NET apps, they put all their credentials into the Windows Locker and their app is authorized to get the credentials as needed.
Matt
_______________________________________________
Flask mailing list
Flask at python.org
https://mail.python.org/mailman/listinfo/flask
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/flask/attachments/20150728/322355e1/attachment.html>
More information about the Flask
mailing list