Securing Credentials in Python

Fridah Kimathi
Dec 12, 2023

Introduction

In every Python project, it’s essential to keep things like API keys and passwords safe and secure. Ensuring password security is crucial for protecting your online accounts. This practice helps maintain the trustworthiness of your accounts, keeps your private information private, and lowers the chances of others gaining unauthorized access or misusing your info. In this blog, we’ll explore some common methods of hiding credentials in Python.

1. Using a .secrets Folder with a JSON File

i) In your terminal, while in the home directory, execute the following commands:

mkdir .secrets
cd .secrets
code credentials.json
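  • mkdir .secrets : Creates a folder named .secrets for storing sensitive information. The leading dot only keeps the folder out of default directory listings on Unix-like systems; it does not restrict who can read it.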
  • cd .secrets : Navigates into the newly created folder.
  • code credentials.json: Opens a text editor (e.g., Visual Studio Code) for creating a JSON file to store your credentials.

ii) Structure Your Credentials in a JSON File

Inside the opened credentials.json file, structure your credentials as key-value pairs, as shown below.

{
    "username": "your_username",
    "password": "your_password"
}

iii) Accessing the credentials in Python

import json

# Replace `path to the .json file` with the actual file path
json_file_path = r"path to the .json file"

with open(json_file_path, "r") as f:
    # The body of the with block must be indented
    credentials = json.load(f)

# To access the username and password
username = credentials["username"]
password = credentials["password"]

2. Using Environment Variables

i) Setting up environment variables on Windows

  1. Open the Windows search bar.
  2. Type "Control Panel" and open it.
  3. Select System and Security.
  4. Choose System.
  5. Click on Advanced system settings.
  6. Click on Environment Variables.
  7. Under the “User variables” section, click New...
  8. Enter Variable name (e.g., username) and Variable value (e.g., your_username).
  9. Repeat the process for the password by creating a new variable.

ii) To access Environment Variables in Python

# To access Environment variables in Python
import os

# Username
username = os.getenv("username")

# Password
password = os.getenv("password")

Note: If your VS Code was open before creating the environment variables, it’s essential to restart it for the changes to take effect.
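The loader below is an added example, not code from the original post. It combines methods 1 and 2: it prefers environment variables, falls back to the JSON file, and fails loudly instead of returning None when a value is missing or when the file is readable by other local users. The function names, the CredentialError class and the APP_ prefix are assumptions for illustration; the prefix is used because Windows already defines a USERNAME variable of its own.

```python
import json
import os
import stat
from pathlib import Path

REQUIRED_KEYS = ("username", "password")


class CredentialError(RuntimeError):
    """Raised when credentials are missing or stored unsafely."""


def load_from_env(prefix="APP_", environ=None):
    """Read <prefix>USERNAME / <prefix>PASSWORD; return None if neither is set."""
    environ = os.environ if environ is None else environ
    found = {k: environ.get(prefix + k.upper()) for k in REQUIRED_KEYS}
    if not any(found.values()):
        return None
    missing = [prefix + k.upper() for k, v in found.items() if not v]
    if missing:
        # os.getenv would silently return None here; raise instead.
        raise CredentialError(f"environment variables not set: {missing}")
    return found


def load_from_file(path):
    """Read the JSON file, refusing one that other local users can access."""
    path = Path(path)
    mode = path.stat().st_mode
    # POSIX only: Windows does not expose group/other permission bits here.
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise CredentialError(f"{path} is accessible to other users; chmod 600 it")
    with path.open("r", encoding="utf-8") as f:
        data = json.load(f)
    if not isinstance(data, dict):
        raise CredentialError(f"{path} must contain a JSON object")
    missing = [k for k in REQUIRED_KEYS if not data.get(k)]
    if missing:
        raise CredentialError(f"{path} is missing keys: {missing}")
    return {k: data[k] for k in REQUIRED_KEYS}


def load_credentials(path=None, environ=None):
    """Prefer environment variables; fall back to ~/.secrets/credentials.json."""
    creds = load_from_env(environ=environ)
    if creds is not None:
        return creds
    return load_from_file(path or Path.home() / ".secrets" / "credentials.json")
```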

3. Using a .py File

It is advisable to avoid storing credentials in a .py file due to the potential for accidental GitHub uploads. However, if you need to store credentials for personal use and understand the risks involved, you can create a separate Python file (e.g., securing_credentials.py) to store your credentials.

# securing_credentials.py
username = "your_username"
password = "your_password"

To incorporate the credentials in another notebook or Python file, you can use the code below.

import securing_credentials

# username
username = securing_credentials.username
# password
password = securing_credentials.password

While all methods have their use cases, using environment variables is the best practice for securing credentials in Python due to the enhanced security and versatility they offer.

I hope you were able to pick up something from this blog post. If you have any questions, you can check out the full analysis in this Jupyter notebook or reach me through my LinkedIn.

Thanks For Reading, Follow me for more!
