I write a lot of Python scripts that interact with online services, which usually means requires my passwords and API keys. But how to store them?
The simplest approach would be to save my variable in my unencrypted source code:
PASSWORD = 'password!'
This is a terrible idea. Don’t do this.
This password is now trivially accessible to anybody who has access to the source code. If I ever want to share my code (and I often do), I have to remember to carefully scrub it of sensitive information. If I use a version control system like Git, the password is permanently baked into the history of the repository.1
So what’s the alternative? If I don’t want to put secrets directly in the source code, how can I make them available at runtime? I use the keyring module.