I'm working on converting my scripts into a larger application using Python, and I've been using the Keyring module to store my passwords and keys from a yaml config file. Recently, I've come across .env files that hold everything in plain text. What's a safe method to store this sensitive information without worrying about potential access from Microsoft or other entities? I'm planning to create a desktop app using QT, so I'm looking for the best storage options. Also, I'm on Windows, but I'm mostly concerned about the coding architecture rather than specific OS details. Thanks!
3 Answers
If you're trying to keep it simple, another option might be to store your credentials in an encrypted JSON file. Just keep the decryption key as an environment variable on your machine. It adds a layer of security while still being manageable.
Honestly, one approach is to stop using Windows altogether for sensitive development. But if you prefer to stick with it, there are some options! You might want to check out using a secure vault like Windows Credential Manager, which can provide better security than just plain text files. While no method is 100% foolproof against potential malicious access, this could be a step up.
Using Microsoft's CryptoAPI is a solid option. I created a DLL in C to interact with their WinCred API for storing credentials securely. You can use it with Python through CTypes to leverage that security. There’s a wealth of documentation available on Microsoft’s site, so if you're willing to dive into it, you can find good resources.
Sounds interesting! But I'm curious – what about storing credentials securely on Linux? Any tips for that?
Yeah, totally agree! I've been looking for secure ways to store credentials without exposing them in plain text - just seems risky for any project.