Python has a keyring library (https://pypi.python.org/pypi/keyring) that provides an easy way to access the system keyring service from python and can be used in an application to safely store passwords.
To install it on Ubuntu, make sure you have up-to-date pip Python package:
sudo apt-get install python-pip
sudo pip install pip -U
Then, using pip, install the keyring library:
sudo pip install keyringFinally, update the settings.py with the following code to securely store authentication credentials:
import keyring
import getpass
database_name = 'schema_name'
username = 'administrator'
password = keyring.get_password(database_name, username)
while password == None :
password = getpass.getpass(database_name + " Password:\n")
# store the password
keyring.set_password(database_name, username, password)
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': database_name, # Or path to database file if using sqlite3.
'USER': username, # Not used with sqlite3.
'PASSWORD': password, # Not used with sqlite3.
'HOST': db.inteliident.com', # Set to empty string for localhost. Not used with sqlite3.
'PORT': '3306', # Set to empty string for default. Not used with sqlite3.
}
}
Simple, isn't it?
keyring won't necessarily store your passwords safely. Be sure to check the backend it uses:
ReplyDelete$ python -c 'import keyring; print keyring.get_keyring().__class__.__name__'
PlaintextKeyring
If pycrypto is available, installing it will make keyring encrypt your passwords.
$ pip install pycrypto
Now your passwords will be stored securely (you will need to enter a password when starting django).
$ python -c 'import keyring; print keyring.get_keyring().__class__.__name__'
EncryptedKeyring
As an aside, if you are using Linux there is a SecretService backend as well but it depends on the dbus-python library, which doesn't install via pip.
I prefer the solution provided by this answer: https://stackoverflow.com/questions/24492956/hiding-secure-django-settings-info-on-webfaction/41654822#41654822
ReplyDelete