Keep it secret: 3 tips to protect your ArcGIS passwords

Compared to the old days, developers are dealing a lot more with the online world when using ArcGIS products. This is because ArcGIS’s paradigm has shifted from being desktop software to being a platform.

That means signing in to a portal using code is a lot more frequent. I do see a lot of fellow developers or clients storing their credentials in clear text: this is a big no-no from a security standpoint. In this article, I am giving you three easy ways at your disposal to prevent your passwords from being exposed.

Use Notebooks for ArcGIS Online

Notebooks for ArcGIS online give you an option to run the code as the current user. That lets you hide your credentials. To make things easier, ArcGIS Online will insert those lines of code automatically in any new Notebook you create.

Notebooks for ArcGIS Online let you sign in as the current user.

With great power comes great responsibilities if you’re an administrator. ArcGIS Online will be kind enough to remind you to use your superpowers wisely.

There are many other reasons you should be using Notebooks for ArcGIS Online. If you want to know more, check out my previous article.

2. Create a profile with Python API for ArcGIS

The Python API for ArcGIS gives you the option to create a profile. A profile is a name associated with a set of credentials that can be read exclusively by the user that created that profile. Creating a profile is as easy as 1,2,3.

Storing a profile with the Python API for ArcGIS.

Note that when registering the profile, you need to provide the password explicitly. You cannot let the ArcGIS API prompt you for a password. This seems a bit like an oversight from the API team, but it is something you will need to accept. As a result, never save the code you use to create a profile.

Using the profile is very easy as well. Once it is registered, simply create your GIS object with your URL and profile name, and your code will be ready to go.

Accessing a profile with the Python API for ArcGIS.

3. Use the keyring API with ArcGIS Pro

In some cases, ArcGIS Pro requires you to sign in. It is especially true when you need to update services in a federated enterprise site. In that case, you need to use a sign-in method that does not support profiles. That’s okay because ArcGIS Pro comes with the Python keyring module that lets you do just that.

Creating a profile with the keyring module.

Reading a profile with the keyring module.

If we want to use that mechanism with ArcGIS Pro, it would look like this:

Creating a profile with the keyring module.

Signing in using ArcGIS Pro API and the keyring module.

Resources

Python API for ArcGIS Guide: Working with different authentication schemes.

Esri Community Blog: Connect to the GIS in Python scripts without embedded passwords or login prompts