[Tutor] managing sensitive data

David Lowry-Duda david at lowryduda.com
Tue Mar 30 12:05:25 EDT 2021


>  "How do I manage sensitive credentials in my Python code?"
> I've faced this problem [1] and solved it by putting the 'sensitive' 
> data (passwords) into dot files in my home directory with strict permission
> settings. Is there a better way to do this?

My go-to method is very simple. I never store passwords/credentials on 
file. Instead, I typically use environment variables. This looks like

```
import os

super_secret_password = os.getenv("MY_APP_SECRET_PASSWORD", '')
# do stuff with super_secret_password
```

I set various environment variables before running the code. For things 
I actually care about, I would do this on a server with a dedicated 
account that isn't my user account.

I should mention that this is very common, and there is lots of 
discussion about using secure configuration files vs environment 
variables vs password agents (like ssh-agent) vs others. But environment 
variables work well for me.

As an aside:

> I saw the following question raised recently on the "PowerfulPython"
> mailing list

I'm not familiar with PowerfulPython. I see that it's a site and a book, 
and there is some sort of newsletter and perhaps some courses. I suppose 
that the mailing list is exclusively for people who have paid some sort 
of money.

Do you like it? I'm always trying to keep aware of the various ways 
people learn Python (though my go-to recommendation of reading "Think 
Python" to start hasn't changed in a long time). Is the mailing list 
good?

- DLD
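
Added example, not part of the original message: the two storage options discussed in this thread side by side, an environment variable read that fails closed when the variable is unset, and a dot-file read that refuses a file other users can access. `SecretError`, the function names, and the `.my_app_secret` file name are hypothetical; POSIX permissions are assumed.

```python
import os
import stat
import tempfile


class SecretError(RuntimeError):
    """Raised when a credential is missing or stored unsafely."""


def secret_from_env(name, environ=os.environ):
    """Return the secret in env var `name`; unset or empty is an error."""
    value = environ.get(name, "")
    if not value:
        raise SecretError(f"environment variable {name} is not set")
    return value


def secret_from_dotfile(path):
    """Return the secret in `path` only if the file is private to its owner."""
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))  # no symlinks
    with os.fdopen(fd, "r", encoding="utf-8") as handle:
        info = os.fstat(handle.fileno())  # check the file we actually opened
        if info.st_uid != os.getuid():
            raise SecretError(f"{path} is not owned by the current user")
        if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise SecretError(f"{path} has mode {stat.S_IMODE(info.st_mode):o}")
        return handle.read().strip()


def demo():
    """Exercise both loaders on constructed values; returns what was observed."""
    env = {"MY_APP_SECRET_PASSWORD": "constructed-value"}
    results = {"env": secret_from_env("MY_APP_SECRET_PASSWORD", env)}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, ".my_app_secret")  # hypothetical dot file
        with open(path, "w", encoding="utf-8") as handle:
            handle.write("constructed-value\n")
        os.chmod(path, 0o600)
        results["private_file"] = secret_from_dotfile(path)
        os.chmod(path, 0o644)  # group/world readable: must be rejected
        try:
            secret_from_dotfile(path)
            results["loose_file"] = "accepted"
        except SecretError as exc:
            results["loose_file"] = "rejected: " + str(exc)
    return results


if __name__ == "__main__":
    print(demo())
```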

