Consuming REST API that requires basic Authentication

I've written Python code using httplib to consume a REST API that requires basic authentication.
So I used the username and password in plaintext in the code.
1) Is it right to put a password in code?
2) If wrong, what is the right way?

Please shed some light.

Putting passwords in code is a bad idea(tm), since your code could end up on GitHub, etc., and leak the password. Use buildout.cfg to store secrets, and keep buildout.cfg specific to each installation (i.e. don't check it into source control).

Have a look at: http://docs.plone.org/4/en/old-reference-manuals/buildout/additional.html#configuring-plone-products-from-buildout

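One way to wire this up, as an added example that is not from the thread or the linked Plone manual: keep the secrets in a separate `secrets.cfg` that is git-ignored, let the committed `buildout.cfg` pull them in with `extends`, and hand them to the Zope process through plone.recipe.zope2instance's `environment-vars` option so the application code never contains them. The section name `secrets`, the option names and the values are placeholders chosen for this example.

```ini
# secrets.cfg -- NOT checked into source control (list it in .gitignore).
# Section and option names below are placeholders for this example.
[secrets]
api_user = alice
api_password = change-me

# buildout.cfg -- safe to commit; it only references the values above.
[buildout]
extends = secrets.cfg
parts = instance

[instance]
recipe = plone.recipe.zope2instance
# Expose the secrets to the running Zope instance as environment variables,
# so code reads os.environ["API_PASSWORD"] instead of a literal.
environment-vars =
    API_USER ${secrets:api_user}
    API_PASSWORD ${secrets:api_password}
```

Because `buildout.cfg` only contains `${secrets:...}` references, a leaked repository exposes the wiring but not the credential; each installation provides its own `secrets.cfg`.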

Even a local buildout.cfg wants to be kept under revision control.
It's better to put passwords into some text file and encrypt the file, e.g. using AES-256.
Asking for the key at runtime or decrypting the encrypted password store should be safe enough.
...and safe enough in case you commit the encrypted pw store to a public repo, as long as you use a strong key.

-aj


You can use an environment variable to pass in a username and password when starting the application. That way the password is only known locally on the server.

Or you can store the password in your Plone site's registry.
You can define a registry key and keep it empty in code, and set the correct value through the Plone control panel.

Have fun!

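The environment-variable approach from the answer above, carried through to the original question's HTTP client, as an added example that is not code from the thread: credentials are read from the process environment (failing loudly if they are missing), the Basic `Authorization` header is built per RFC 7617, the request goes over TLS with http.client (the Python 3 name of httplib), and a redacted copy of the headers is what gets logged. The variable names `API_USER` / `API_PASSWORD` and the host `api.example.invalid` are placeholders assumed for this example.

```python
"""Load Basic-auth credentials from the environment rather than the source.

Added example, not from the thread. API_USER, API_PASSWORD and the host
api.example.invalid are placeholder names chosen for this example.
"""
import base64
import http.client
import os


class MissingCredentialError(RuntimeError):
    """Raised when a required credential is absent from the environment."""


def load_credentials(env=None):
    """Return (username, password) read from the environment.

    `env` defaults to os.environ; it is a parameter so the function can be
    exercised with a constructed mapping. Failing on a missing value is
    deliberate: a silent empty or default password would hide a
    misconfiguration until the API rejected the request.
    """
    env = os.environ if env is None else env
    missing = [name for name in ("API_USER", "API_PASSWORD") if not env.get(name)]
    if missing:
        raise MissingCredentialError(
            "set the environment variable(s): " + ", ".join(missing)
        )
    return env["API_USER"], env["API_PASSWORD"]


def basic_auth_header(username, password):
    """Build the value of an HTTP Basic Authorization header (RFC 7617).

    The credentials are only base64-encoded, not encrypted, so the header
    must only travel over TLS (see HTTPSConnection in fetch()).
    """
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token


def redact(headers):
    """Return a copy of the headers that is safe to log."""
    return {
        key: ("<redacted>" if key.lower() == "authorization" else value)
        for key, value in headers.items()
    }


def fetch(path, env=None, host="api.example.invalid"):
    """GET `path` from the API with credentials taken from the environment."""
    username, password = load_credentials(env)
    headers = {"Authorization": basic_auth_header(username, password)}
    conn = http.client.HTTPSConnection(host, timeout=10)  # TLS, never plain HTTP
    try:
        conn.request("GET", path, headers=headers)
        resp = conn.getresponse()
        return resp.status, resp.read()
    finally:
        conn.close()


if __name__ == "__main__":
    # Run as:  API_USER=alice API_PASSWORD='s3cret' python this_file.py
    user, pw = load_credentials()
    print("headers as they would be logged:", redact({"Authorization": basic_auth_header(user, pw)}))
```

The process environment is visible to anyone who can inspect the process (e.g. `/proc/<pid>/environ` on Linux) or to child processes that inherit it, so this keeps the secret out of the repository, not out of the host.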

I’ve found that this stores the key in plain text in data.fs or relstorage object_state.

https://github.com/zopefoundation/cipher.encryptingstorage may solve this.


That looks terribly complicated and probably not used commonly enough to be super reliable.
