I use Python and SQL Server to manage a database, but I do not know "good practices" about database management and know little about information security.
Is it secure to save database credentials in Windows as environment variables and use them in scripts with os.environ? Like this:
import os
DB_HOST = os.environ['DBHOST']
DB_USER = os.environ['DBUSER']
...
What is the proper way to store credentials to automate the use of databases?
If you are asking if you should permanently set environment variables for your laptop - I'd avoid that because any process could list all environment variables on the PC and the associated stored values quite easily.
Instead - I'd recommend checking out Keyring. This will use the Windows Credential Locker (or other OS-specific keyring services).
Usually secure credentials are stored in a .env file that relates to your current environment and then are grabbed from within your code. E.g. DB_HOST = env('DBHOST').
Basically what you're doing right now but stored in a file (as secure as you need it, possibly encrypted) rather than directly as environment variables as they're accessible from the entire machine.
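The file-based approach described in the answer above, as an added example that is not part of the original posts: it parses a .env file into a dict instead of exporting it to os.environ, and on POSIX refuses a file that group or others can access. The key name DBPASS, the function names and the sample values are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

REQUIRED = ("DBHOST", "DBUSER", "DBPASS")  # DBPASS is an assumed key name

class EnvFileError(Exception):
    """Raised for unsafe permissions, malformed lines or missing keys."""

def load_env_file(path, required=REQUIRED):
    """Parse KEY=VALUE lines into a dict without touching os.environ."""
    if os.name == "posix":
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise EnvFileError(f"{path} is accessible to group/others (mode {mode:o})")
    # On Windows, restrict the file with NTFS ACLs; mode bits are not meaningful there.
    values = {}
    with open(path, encoding="utf-8") as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue  # skip blanks and comments
            key, sep, value = line.partition("=")
            if not sep or not key.strip():
                # Report the location only, never the line content (it may be a secret).
                raise EnvFileError(f"{path}:{lineno}: expected KEY=VALUE")
            value = value.strip()
            if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
                value = value[1:-1]  # drop one pair of matching quotes
            values[key.strip()] = value
    missing = [k for k in required if not values.get(k)]
    if missing:
        raise EnvFileError(f"missing keys: {', '.join(missing)}")
    return values

def demo():
    """Load a constructed .env and report whether os.environ stayed unchanged."""
    before = dict(os.environ)
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, ".env")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("# constructed sample values\nDBHOST=db.example.internal\n"
                     "DBUSER=report_job\nDBPASS='not-a-real-password'\n")
        os.chmod(path, 0o600)  # owner read/write only
        creds = load_env_file(path)
    return creds, dict(os.environ) == before

if __name__ == "__main__":
    print("os.environ unchanged:", demo()[1])
```

Because the values never enter the process environment, child processes started by the script do not inherit them.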
By using the EncryptByPassPhrase('key','Your_Password') method in SQL Server. Example:
create table #temp(id int identity(1,1), Password varbinary(max))
insert into #temp(Password) values(encryptbypassphrase('12','Passw0rd'))
select * from #temp
In that code we provide the original password, but it is stored in the database table as an encrypted value.