Forums

Storage of Password and Tokens for third-party services

What securty best-pratice is recommended for runtime storage of passwords and tokens to third party services (email, socialmedia)?

I imagine the flow as follows:

  1. Username Password SecureStorage (!!! What happens here)
  2. runtime unlocks the SecureStorage (!!! What happens here)
  3. (python) export username password from storage
  4. send authentication http requests
  5. dispose of variables that store the password

Constraints:

  • All actions performed in same OS session
  • Runtime will not have in code or memory of Secure-Storage unlock key
  • Preferable that the os user in which the script runs already has access to a file or folder, which is not accessible by any other method externally.
  • will considerer using methods for storing salt values
marbleCurrent | 3 posts | Nov. 3, 2022, 5:08 a.m. | permalink

Found this as a possible solution option

marbleCurrent | 3 posts | Nov. 3, 2022, 8:19 a.m. | permalink

Glad to hear that you found solution to your problem.

Staff fjl | 4352 posts | PythonAnywhere staff | Nov. 3, 2022, 11:01 a.m. | permalink

Has anyone solved this problem on the pythonanywhere platform? or is there a recommendation for storing secrets that is specific to pythonanywhere?

marbleCurrent | 3 posts | Nov. 4, 2022, 5:41 a.m. | permalink

We do not have specific recommendations. Use what works for you.

Staff glenn | 9498 posts | PythonAnywhere staff | Nov. 4, 2022, 5:51 p.m. | permalink