I have a MongoDB running on Heroku, and I need to store full credentials for a 3rd party API, including password, username, security token, etc.

What is the best way to protect the data?

Would appreciate code samples in raw python (no Framework used for this one).

Thanks

Update - forgot to mention that I am storing credentials for many users, so this is why I'm looking at a database-solution

Avi Meir

1 Answer

Are you familiar with the heroku config command line utility? I found that to be the best solution for storing sensitive data; I use it for AWS keys and PostgreSQL logins.

The general approach is this:

$ heroku config:set DBUSERNAME=value DBPASSWORD=value
$ heroku config
DBUSERNAME: value
DBPASSWORD: value
# you should see all your environment variables

When you have them set up, inside your Python file, just fetch your environ dictionary:

import os
print(os.environ.get('DBUSERNAME', None))  # should print "value"

And there you go. You can read more on how to use the config utility by entering this into the terminal:

$ heroku help config
Morgan Wilde
  • I forgot to mention that the credentials I store are for multiple users, this is why I'm looking at a database-based solution – Avi Meir May 16 '13 at 11:10
  • @AviMeir well that ruins 5 minutes of my work... Well in that case, use PostgreSQL or whatever to store them, there is nothing exceptional about that. – Morgan Wilde May 16 '13 at 11:12
  • My question still stands, what would you use to securely store the passwords and tokens? hashing of some kind? – Avi Meir May 16 '13 at 15:10
  • Yeah, hashing + random salt methods are the go-to ways for storing passwords, you should definitely read this question here - http://stackoverflow.com/questions/287517/encrypting-hashing-plain-text-passwords-in-database. – Morgan Wilde May 16 '13 at 15:12
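
The salted-hash approach from the last comment, combined with a secret read from a Heroku config var as in the answer, written in plain Python as an added example that is not part of the original thread. The config var name `CRED_PEPPER`, the iteration count and the record layout are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600000  # assumed PBKDF2 work factor; tune to your dyno's CPU budget


def _pepper():
    # Assumed config var, set with: heroku config:set CRED_PEPPER=<random value>
    # The constructed default only keeps this example runnable offline.
    return os.environ.get("CRED_PEPPER", "constructed-demo-pepper").encode()


def _derive(secret, salt, iterations):
    # Key the secret with the pepper first, so a leaked database alone
    # is not enough to start guessing; then stretch it with the per-user salt.
    keyed = hmac.new(_pepper(), secret.encode(), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", keyed, salt, iterations)


def hash_secret(secret):
    """Return a dict that can be stored as (part of) a per-user MongoDB document."""
    salt = os.urandom(16)  # fresh random salt for every stored secret
    return {
        "algo": "pbkdf2_sha256",
        "iterations": ITERATIONS,
        "salt": salt.hex(),
        "hash": _derive(secret, salt, ITERATIONS).hex(),
    }


def verify_secret(candidate, record):
    """Check a candidate value against a stored record in constant time."""
    salt = bytes.fromhex(record["salt"])
    expected = bytes.fromhex(record["hash"])
    actual = _derive(candidate, salt, record["iterations"])
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    record = hash_secret("constructed-sample-password")
    print(record)
    print(verify_secret("constructed-sample-password", record))
    print(verify_secret("wrong-guess", record))
```

The stored record can only confirm that a candidate value matches; the original password or token cannot be read back from it.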