Keep it secret: 3 tips to protect your ArcGIS passwords
Compared to the old days, developers are dealing a lot more with the online world when using ArcGIS products. This is because ArcGIS’s paradigm has shifted from being desktop software to being a platform.
That means signing in to a portal using code is a lot more frequent. I do see a lot of fellow developers or clients storing their credentials in clear text: this is a big no-no from a security standpoint. In this article, I am giving you three easy ways at your disposal to prevent your passwords from being exposed.
Use Notebooks for ArcGIS Online
Notebooks for ArcGIS online give you an option to run the code as the current user. That lets you hide your credentials. To make things easier, ArcGIS Online will insert those lines of code automatically in any new Notebook you create.
With great power comes great responsibilities if you’re an administrator. ArcGIS Online will be kind enough to remind you to use your superpowers wisely.
There are many other reasons you should be using Notebooks for ArcGIS Online. If you want to know more, check out my previous article.
2. Create a profile with Python API for ArcGIS
The Python API for ArcGIS gives you the option to create a profile. A profile is a name associated with a set of credentials that can be read exclusively by the user that created that profile. Creating a profile is as easy as 1,2,3.
Note that when registering the profile, you need to provide the password explicitly. You cannot let the ArcGIS API prompt you for a password. This seems a bit like an oversight from the API team, but it is something you will need to accept. As a result, never save the code you use to create a profile.
Using the profile is very easy as well. Once it is registered, simply create your GIS object with your URL and profile name, and your code will be ready to go.
3. Use the keyring API with ArcGIS Pro
In some cases, ArcGIS Pro requires you to sign in. It is especially true when you need to update services in a federated enterprise site. In that case, you need to use a sign-in method that does not support profiles. That’s okay because ArcGIS Pro comes with the Python keyring module that lets you do just that.
If we want to use that mechanism with ArcGIS Pro, it would look like this:
Resources
Python API for ArcGIS Guide: Working with different authentication schemes.
Esri Community Blog: Connect to the GIS in Python scripts without embedded passwords or login prompts