Securely storing passwords for use in python script

Question

Possible Duplicate    I need to securely store a username and password in Python  what are my options        I am looking for a way to securely store passwords which I intend to use in some Python scripting  I will be logging into different things and I don t want to store the passwords as plaintext in the script itself   Instead I was wondering if there is anything which is able to securely store those passwords and then retrieve them using something like a master password which I could enter to the script at the beginning

User · Answer

the secure way is encrypt your sensitive data by AES and the encryption key is derivation by password-based key derivation function (PBE), the master password used to encrypt/decrypt the encrypt key for AES.

master password -> secure key-> encrypt data by the key

You can use pbkdf2

from PBKDF2 import PBKDF2
from Crypto.Cipher import AES
import os
salt = os.urandom(8)    # 64-bit salt
key = PBKDF2("This passphrase is a secret.", salt).read(32) # 256-bit key
iv = os.urandom(16)     # 128-bit IV
cipher = AES.new(key, AES.MODE_CBC, iv)

make sure to store the salt/iv/passphrase , and decrypt using same salt/iv/passphase

Weblogic used similar approach to protect passwords in config files

User · Answer

Know the master key yourself  Don t hard code it    Use py-bcrypt  bcrypt   powerful hashing technique to generate a password yourself   Basically you can do this  an idea      import bcrypt from getpass import getpass master secret key   getpass  tell me the master secret key you are going to use   salt   bcrypt gensalt   combo password   raw password   salt   master secret key hashed password   bcrypt hashpw combo password  salt    save salt and hashed password somewhere so whenever you need to use the password  you are reading the encrypted password  and test against the raw password you are entering again   This is basically how login should work these days

User · Answer

I typically have a secrets py that is stored separately from my other python scripts and is not under version control  Then whenever required  you can do from secrets import  lt required pwd var gt   This way you can rely on the operating systems in-built file security system without re-inventing your own   Using Base64 encoding decoding is also another way to obfuscate the password though not completely secure  More here - Hiding a password in a python script  insecure obfuscation only

[python] Securely storing passwords for use in python script

Examples related to python

Examples related to security