[Flask] Database credentials in clear text

Andrea D'Amore and.damore at gmail.com
Wed Jul 29 08:17:04 CEST 2015


On 28 July 2015 at 16:46, Matt Shields <matt at mattshields.org> wrote:
> So far as I've been developing all my credentials have been contained in a
> config.py file in clear text.  Is there any way to not keep these in clear
> text or in a file in the application path?
> One of our .NET developers mentioned that when they are developing .NET
> apps, they put all their credentials into the Windows Locker and their app
> is authorized to get the credentials as needed.

You are possibly looking at something like python keyring [1], I'm not
sure about Windows Locker but I wrote a small app that used the
system's keychain on OS X and Debian.
Notice that the latter used GNOME's keychain in graphical session but
then when I connected via ssh the required environment vars weren't
right there and keyring used a file storage into an own config folder,
I took a while for me to figure why I wasn't finding the credentials I
had already stored.


[1] https://pypi.python.org/pypi/keyring

-- 
Andrea


More information about the Flask mailing list