If I was to give a python script to someone to run, they would have to run it with an API key to allow access to the server. Is there any way I can prevent them from seeing the key but still be able to use it.
Asked
Active
Viewed 59 times
-3
-
Store the key as an external file on a remote location and have your script fetch it? – BoboDarph Mar 01 '18 at 09:38
-
Store the script in a separate module that you import into your program. Provide only the `.pyc` of that module, not the `.py` file. It's not secure but it will discourage casual snooping. – BoarGules Mar 01 '18 at 09:39
-
Even a compiled `.pyd` (or `.so` on Linux) C extension wouldn't prevent the key from appearing somewhere in the binary if not obfuscated somehow, and also then it still wouldn't be secure. But it helps for protection from a simple look. – Jeronimo Mar 01 '18 at 10:12
1 Answers
1
If you really need to protect this key, then you need to treat it as a password.
There are various ways of doing this:
Securely storing passwords for use in python script has 3 answers:
- use
bcrypt - use
pbkdf2 - and some homebrew method
I need to securely store a username and password in Python, what are my options? has 7 answers:
- homebrew RAM only method
- use
keyring - use
cryptography - use
pbkdf2 - and 3 more homebrew methods
Edwin van Mierlo
- 2,398
- 1
- 10
- 19