1

I'm using the Python requests library to make a call to an API that requires Windows Authentication. In C# I have always used the Directory Services, which has allowed me to avoid putting passwords in any of my code or configurations. From what I have found online, it seems that my only option in Python is to have a password somewhere. I have a service account that I will use, but I need to store the password securely. What is the best way to securely store and retrieve a service account password in Python without hard coding plain text?

The code that I am currently using is below. I have the username and password stored in plain text in my configuration:

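import requests
from requests_ntlm import HttpNtlmAuth

# config, call_string and parameters are defined elsewhere in the application
auth = HttpNtlmAuth(
    config.ServiceAccount["Username"],
    config.ServiceAccount["Password"],
)

content = requests.post(call_string, json=parameters, auth=auth)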

Edit: I should mention that this will not be a user-facing application. It will run as a batch job. So there will not be any way for a user to enter the username/password while running the application.

Kevin K.
  • I don't know much about Windows programming but why can't you use Directory Services? It shouldn't matter what language you are in, if it is a service available to the system you should be able to access it. Is it part of Active Directory? There are various packages to interface with that. – Daniel Roseman Apr 18 '18 at 21:40
  • @Kevin K, please refer to this: https://stackoverflow.com/questions/7014953/i-need-to-securely-store-a-username-and-password-in-python-what-are-my-options?noredirect=1&lq=1 I hope this helps. – ParthS007 Apr 18 '18 at 21:44

2 Answers

2

You could just not store the password at all and require the user to provide the password at runtime:

import getpass
user = getpass.getuser()
password = getpass.getpass()

Otherwise, you could do something similar to git and just have the user store their password in plaintext in a config file in their home directory that you then read at runtime.

Brendan Abel
  • This application will run as a batch process, so there won't be any opportunity for a user to input their credentials. – Kevin K. Apr 18 '18 at 21:47
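
Added example, not part of the original answer or comments: if a batch job does read a service-account password from a per-user config file, as the answer above suggests, the loader can refuse a file that other accounts are able to read. The file path, section name and exception class are assumptions made for this example, and the sample account and password are constructed.

```python
import configparser
import os
import stat
import tempfile
from pathlib import Path

# Hypothetical file location and section name, chosen for this example.
DEFAULT_PATH = Path.home() / ".batchjob_credentials.ini"
SECTION = "ServiceAccount"


class InsecureCredentialFile(Exception):
    """The credential file could be read or replaced by another account."""


def load_service_account(path=DEFAULT_PATH):
    """Return (username, password) from an INI file private to this account."""
    with open(path, encoding="utf-8") as handle:
        if os.name == "posix":
            # fstat the open handle so the checked file is the file we read.
            info = os.fstat(handle.fileno())
            if not stat.S_ISREG(info.st_mode):
                raise InsecureCredentialFile(f"{path}: not a regular file")
            if info.st_uid != os.getuid():
                raise InsecureCredentialFile(f"{path}: owned by another account")
            if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
                raise InsecureCredentialFile(f"{path}: group/other access, use mode 600")
        # On Windows the mode bits say nothing about the ACL, so nothing is
        # checked here; the ACL must limit the file to the service account.
        # interpolation=None keeps a "%" in the password from being expanded.
        parser = configparser.ConfigParser(interpolation=None)
        parser.read_file(handle)
    return parser[SECTION]["Username"], parser[SECTION]["Password"]


if __name__ == "__main__":
    # Constructed sample file; the account name and password are made up.
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "credentials.ini"
        sample.write_text("[ServiceAccount]\nUsername = EXAMPLE\\svc_batch\n"
                          "Password = constructed%pass\n", encoding="utf-8")
        os.chmod(sample, 0o600)
        user, _password = load_service_account(sample)
        print("loaded credentials for", user)
        os.chmod(sample, 0o644)
        try:
            load_service_account(sample)
        except InsecureCredentialFile as exc:
            print("refused:", exc)
```

The password is still stored in plaintext; the check only narrows who can read it.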
1

I know I asked this question a while ago, but I found a better solution to the NTLM/Windows authentication. I used the requests_negotiate_sspi library to avoid any passwords:

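import requests
from requests_negotiate_sspi import HttpNegotiateAuth

# No credentials are passed: the request authenticates as the current Windows logon
auth = HttpNegotiateAuth()

content = requests.post(call_string, json=parameters, auth=auth)
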
Kevin K.