Securing credentials within a script : Forums : PythonAnywhere

Securing credentials within a script

Hello,

I have a script set up as a scheduled task that does the following: fetches some data, sends a few emails, and pushes data to a google sheet.

There are a few credentials stored as plain text directly in the script or in a referenced file, such as the email account name and password and google sheets credentials.

Are there any suggested best practices for securing the credentials for these accounts? Would you consider them safe as-is within the script stored within PythonAnywhere, or is there some sort of encryption we should be doing?

Thank you!

deleted-user-7180176 | 3 posts | March 20, 2020, 8:35 p.m. | permalink

As long as you're not pushing the file in question to an external source control repository, it's fine to include your credentials there. If you're using an external repository, the current best practice is to put credentials into a separate file and make sure to configure your source control to ignore it, then there's no risk of accidentally pushing your credentials.

glenn | 9718 posts | PythonAnywhere staff | March 21, 2020, 5:34 p.m. | permalink

Thanks for this advise. I was going to ask the same question.

Robotrodeo | 26 posts | Nov. 23, 2020, 10 p.m. | permalink