python – Where and how should the "password to access WebAPI" be stored in general?

Question:


  • Python 3.6
    • requests module

Current status

I want to access WebAPI X from my local machine to get information.
The specifications of WebAPI X are as follows.

  • Authentication required.
  • To authenticate, run the API for Login.
  • Pass Login ID and Password to API for Login.

I use Python's requests module to access the WebAPI.

I'm the only one who uses the tool (Python script) to access WebAPI so far, but I'd like to make it available to other employees eventually.

What you feel is a problem

The password is described in the following configuration file, config.ini.


config.ini is not committed to the Git repository (it is listed in .gitignore).

The following points are problematic for me.

  • The configuration file also contains information other than the password, which is often opened in an editor.
    • You are likely to see your password
  • Even though it's listed in .gitignore, there's a risk of accidentally committing it


In general, how and where should the "password to access WebAPI" be stored?

  • Environment variables
  • Allow passwords to be encrypted / decrypted with a different key

I think there are many ways to solve what I think is a problem, but I would like to adopt a more general and easy way.

Answer:

Each OS may have a mechanism to save the password.

For Windows, there is Credential Manager, which is used to store passwords for applications such as IE. There is also Keychain Access for Mac.

UNIX-like operating systems, including Xubuntu, aren't universal, but long ago they used to store passwords in ~/.netrc. There is an explanation in netrc(5). And it seems that Python has a netrc class that parses this file.

Please use it as an option.
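
As an added illustration of the ~/.netrc option (example code, not part of the original answer): the sketch below reads the Login ID and password with Python's standard netrc class and refuses a file that group or others can access, since the module itself only enforces permissions when it opens the default ~/.netrc. The host name, the payload field names and the sample entry are constructed assumptions.

```python
import netrc
import os
import stat
import tempfile

API_HOST = "api.example.com"  # hypothetical host name for WebAPI X


class InsecureNetrcError(Exception):
    """The credentials file is accessible to group or others."""


def load_credentials(host, path=None):
    """Return (login_id, password) for host from a netrc-format file."""
    path = path or os.path.join(os.path.expanduser("~"), ".netrc")
    if os.name == "posix":
        # netrc.netrc() skips this check for explicitly given paths.
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise InsecureNetrcError("%s has mode %o, expected 600" % (path, mode))
    entry = netrc.netrc(path).authenticators(host)
    if entry is None:
        raise KeyError("no entry for %s in %s" % (host, path))
    login_id, _account, password = entry
    return login_id, password


def build_login_payload(host, path=None):
    """Build the body for the Login API; the field names are assumptions."""
    login_id, password = load_credentials(host, path)
    return {"login_id": login_id, "password": password}


def demo():
    """Run against a constructed netrc file so the example works offline."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "netrc")
        with open(path, "w") as f:
            f.write("machine api.example.com login alice password s3cr3t-constructed\n")
        os.chmod(path, 0o600)
        return build_login_payload(API_HOST, path)


if __name__ == "__main__":
    payload = demo()
    print(dict(payload, password="***"))  # never print the real password
```

The returned dictionary can be passed to requests.post(..., json=payload) against the Login endpoint; because the file lives in the home directory rather than the project tree, it cannot be committed by accident.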
