On 12/10/2019 6:05 pm, Tumbelo wrote:
> Hi,
>
> I need to store some third party server passwords in Django, in
> views.py to be more specific. Those are used for Paramiko SFTP
> (machine-to-machine communication) and it's not possible to use keys
> instead of passwords. For sure I don't like to write those passwords
> directly to source code. I have figured out that Python Keyring would
> be a good way to store passwords, and the following short code works OK:
>
> import keyring
>
> try:
>     keyring.get_keyring()
>     keyring.set_password("system", "user", "passWORD")
>     pword = keyring.get_password("system", "user")
>     print(pword)
> except Exception as e:
>     print(e)
>
> I moved the code to Django (views.py):
>
> from django.http import HttpResponse
> import keyring
>
> def index(request):
>     try:
>         keyring.get_keyring()
>         keyring.set_password("system", "user", "passWORD")
>         pword = keyring.get_password("system", "user")
>         return HttpResponse(pword)
>     except Exception as e:
>         return HttpResponse(e)
>
>
> Then I asked Django to run the built-in development server by typing: sudo
> python manage.py runserver
>
> Finally I browsed to the correct localhost URL. Result: the browser was
> showing a dialog requesting me to create (on the first try) and then open
> (on the next tries, after I had created it) kdewallet.
>
> Is it possible to use Keyring from Django without the need for user
> interaction (= without those dialogs)? In other words: how to
> configure Keyring to be used with Django?
>
I don't know.
But maybe Keyring is overkill?
It is easy to fetch credentials stored on the machine without including
them in your code and therefore excluding them from your repo.
I use that technique for dozens of sets of credentials including
database credentials in settings, Stripe credentials in views etc etc. I
just use a plain text file and read it in. If you wanted to be fancy you
could encrypt on disk and decrypt them when needed. But I don't think
that is necessary. The machine itself has to be compromised before that
technique is insecure. You do need to be careful with machine backups
though if you have sensitive data in files.
There are other options for keeping sensitive data out of code and using
environment vars seems popular.
Mike
>
> Thanks in advance!
>
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/c1f8f280-ae0d-e278-9457-07dd9090ff37%40dewhirst.com.au.
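
The plain-file approach described in the reply, with an environment-variable override, as an added example that is not part of the original thread. It refuses to read a credentials file that other local users could access. The JSON layout, the file name, the `SFTP_PASSWORD_<HOST>` variable naming and the function names are assumptions made for illustration.

```python
import json
import os
import stat
import tempfile


class CredentialError(Exception):
    """Raised when a credential cannot be loaded safely."""


def load_credentials(path):
    """Read a JSON credentials file, refusing files other users can access."""
    # Open first, then fstat the descriptor, so the permission check applies
    # to the same file that is read (no check-then-open race).
    fd = os.open(path, os.O_RDONLY)
    with os.fdopen(fd, "r", encoding="utf-8") as fh:
        info = os.fstat(fh.fileno())
        if not stat.S_ISREG(info.st_mode):
            raise CredentialError(f"{path}: not a regular file")
        if info.st_uid != os.geteuid():
            raise CredentialError(f"{path}: not owned by the service user")
        if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise CredentialError(f"{path}: group/world accessible, expected 0600")
        return json.load(fh)


def get_sftp_password(host, path, environ=os.environ):
    """Prefer an environment variable, fall back to the credentials file."""
    env_name = "SFTP_PASSWORD_" + host.upper().replace(".", "_").replace("-", "_")
    if env_name in environ:
        return environ[env_name]
    try:
        return load_credentials(path)[host]["password"]
    except KeyError:
        raise CredentialError(f"no password stored for {host}") from None


def demo():
    # Constructed sample data; the host name and password are placeholders.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sftp_credentials.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump({"sftp.example.com": {"user": "svc", "password": "passWORD"}}, fh)
        os.chmod(path, 0o600)
        return get_sftp_password("sftp.example.com", path, environ={})


if __name__ == "__main__":
    print(demo())
```

In a Django view the returned value would be passed to Paramiko's connect call rather than written into `views.py`; the same file also needs to be excluded from or protected in machine backups.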