Python 将机密(密码)存储在单独的文件中
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/25501403/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Storing the secrets (passwords) in a separate file
提问by アレックス
What's the simplest way to store the application secrets (passwords, access tokens) for a Python script? I thought it'd be a *.ymlfile like in Ruby but surprisingly I found that it wasn't the case. So what is it then? What are the most simplest solutions?
为 Python 脚本存储应用程序机密(密码、访问令牌)的最简单方法是什么?我认为它会是一个*.yml像 Ruby 中的文件,但令人惊讶的是我发现情况并非如此。那么到底是什么呢?最简单的解决方案是什么?
I want to put them in a separatefile because that way I'll be able notto push that file to a github repository.
我想将它们放在一个单独的文件中,因为这样我就无法将该文件推送到 github 存储库。
采纳答案by kecer
I think storing credentials inside another *py file is your safest bet. Then just import it. Example would look like this
我认为将凭据存储在另一个 *py 文件中是最安全的选择。然后只需导入它。示例看起来像这样
config.py
配置文件
username = "xy"
password = "abcd"
main.py
主文件
import config
login(config.username, config.password)
回答by CraZ
I was dealing exactly the same question and actually ended up with the same solution as kecersuggested. Since I need to use it dozens of scripts, I've created own library. Let me share this solution with you.
我正在处理完全相同的问题,实际上最终得到了与kecer建议的相同的解决方案。由于我需要使用它数十个脚本,因此我创建了自己的库。让我与您分享这个解决方案。
credlib.py-- universal library to handle credentials
credlib.py——处理凭证的通用库
class credential:
def __init__(self, hostname, username, password):
self.hostname = hostname
self.username = username
self.password = password
mycredentials.py-- my local file to store all credentials
mycredentials.py-- 我的本地文件,用于存储所有凭据
from credlib import credential
sys_prod = credential("srv01", "user", "pass")
sys_stg = credential("srv02", "user", "pass")
sys_db = credential("db01", "userdb", "passdb")
mysystemlib.py-- this is a general library to access my system (both new credential system and legacy is supported)
mysystemlib.py——这是一个访问我的系统的通用库(支持新的凭证系统和遗留系统)
from credlib import credential
def system_login(*args): # this is new function definition
#def system_login(hostname, username, password): # this was previous function definition
if len(args) == 1 and isinstance(args[0], credential):
hostname = args[0].hostname
username = args[0].username
password = args[0].password
elif len(args) == 3:
hostname = args[0]
username = args[1]
password = args[2]
else:
raise ValueError('Invalid arguments')
do_login(hostname, username, password) # this is original system login call
main.py-- main script that combines credentials and system libs
main.py-- 结合凭证和系统库的主脚本
from mycredentials import sys_stg, sys_db
import mysystemlib
...
mysystemlib.system_login(sys_stg)
Please note that the legacy hostname/username/password way still works so it does not affect old scripts:
请注意,旧的主机名/用户名/密码方式仍然有效,因此它不会影响旧脚本:
mysystemlib.system_login("srv02", "user", "pass")
This has a lot benefits:
这有很多好处:
- same credential system across all our python scripts
- files with passwords are separated (files can have more strict permissions)
- files are not stored in our git repositories (excluded via
.gitignore) so that our python scripts/libs can be shared with others without exposing credentials (everyone defines their own credentials in their local files) - if a password needs to be changed, we do it at a single place only
- 我们所有的 Python 脚本都使用相同的凭证系统
- 带密码的文件是分开的(文件可以有更严格的权限)
- 文件未存储在我们的 git 存储库中(通过 排除
.gitignore),以便我们的 python 脚本/库可以与其他人共享而无需公开凭据(每个人都在其本地文件中定义自己的凭据) - 如果需要更改密码,我们只在一个地方进行
