[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Encrypting username and password within yaml file

On Tue, Feb 26, 2019 at 2:11 PM Ravindranath Barathy
<sharingkapoting at gmail.com> wrote:
> Im trying to create a flask app that can take in a yaml file with the following values,
> info:
>   url: http://something.com/api
>   username: user1
>   password: secret
> This yaml file is then read by the flask app and uses the info to interact with the api. Everything works file in dev but, when I want to put this in prod i dont want the username and password to be in clear text. Any recommendation where I can use encrypted values in the yaml and decrypt then in the server side?
> What are also some other ways to achieve this if passing the username and password in the yaml is not recommended.

Sounds to me like the API requires the password in clear text, which
means that, one way or another, it's going to be clear text. Correct
me if I'm wrong on that point.

You CAN avoid having the password in your repository, though. Look
into the ways that your production platform can provide environment
variables to your app. For instance, Heroku allows you to set config
variables, or a self-hosted service run through a systemd script can
have Environment= directives. You can then put the password in there,
and have it available in os.environ[].

There are still opportunities for leakage, but far fewer than if you
have a file in your source repository with the clear text.