What security best practice is recommended for runtime storage of passwords and tokens to third-party services (email, social media)?
I imagine the flow as follows:
- Username Password SecureStorage (!!! What happens here)
- runtime unlocks the SecureStorage (!!! What happens here)
- (Python) export username password from storage
- send authentication HTTP requests
- dispose of variables that store the password
Constraints:
- All actions performed in same OS session
- Runtime will not have the Secure-Storage unlock key in code or memory
- Preferable that the OS user in which the script runs already has access to a file or folder, which is not accessible by any other method externally.
- Will consider using methods for storing salt values