0

I have a script A that needs to perform authentication on my professional email. Right now, I put that data in a Python dict() in a script B that is imported into script A at runtime in an unencrypted form. The script B is not under version control.

This is only for a personal project, so I don't need to have very reusable code, but the authentication in question yields access to critical data.

Is importing unencrypted data at runtime as described in this answer secure?

Raoul

1 Answer

1

No, not really.

Two notable issues.

First, if the attacker has access to your main source, finding the authentication information is quite straightforward.

Second, should someone stumble across the B file, there are your credentials laid out in plain sight.

Dealing with this is a key management problem, since what you want to do is encrypt the authentication information, but then you need a key, and you're back to square one. It's an intractable problem.

The game is burying the key.

The simplest solution is to simply prompt for the key (or the credentials) at startup, and not store it anywhere save in memory.

Or you can do a simple encryption of the credentials, store the key in a file, and read it in. This will defeat casual snooping (someone just looking at files), but nobody else.

So, it depends on what you feel your threat profile really is.

Will Hartung
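The first option from the answer above (prompt at startup and keep the secret only in memory), as an added example that is not part of the original post. `Credentials`, `prompt_credentials` and the `login` hook are hypothetical names, and the sample values in comments are constructed.

```python
import getpass
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Credentials:
    """Login data held only in process memory, never written to disk."""
    username: str
    # repr=False keeps the secret out of logs, tracebacks and debugger dumps.
    password: str = field(repr=False)


def prompt_credentials(ask_user=input, ask_secret=getpass.getpass, retries=3):
    """Ask for the credentials at startup instead of importing them from script B.

    ask_user / ask_secret are injectable so the function can be exercised
    without a terminal; getpass.getpass does not echo the typed secret.
    """
    for _ in range(retries):
        username = ask_user("Email account: ").strip()
        password = ask_secret("Password (not echoed): ")
        if username and password:
            return Credentials(username, password)
    raise ValueError("no usable credentials entered")


def authenticate(creds, login):
    """Hand the in-memory credentials to a login callable.

    `login` is a hypothetical hook standing in for whatever mail client
    script A actually uses; it receives (username, password).
    """
    return login(creds.username, creds.password)


if __name__ == "__main__":
    creds = prompt_credentials()
    # Prints only the username, e.g. Credentials(username='user@example.com')
    print("loaded", creds)
```

With this in place script A no longer imports script B, so there is no credentials file left on disk to stumble across.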