Google App Engine - how to prevent exposure of passwords_问答_开发者

Google App Engine - how to prevent exposure of passwords

开发者 https://www.devze.com 2023-02-13 07:02 出处：网络

I\'m usingGAE to run my app. My application uses a password to connect an external service. Currently I stor开发者_StackOverflow社区e this password in a free-text property file which is part of the s

I'm using GAE to run my app. My application uses a password to connect an external service. Currently I stor开发者_StackOverflow社区e this password in a free-text property file which is part of the sources. Cause I share my sources in git-hub my passwords are exposed

IS there a way to store this kind of sensitive information in GAE configuration / environment (using the admin portal) or something like that. I guess I can store it somehow in the DataStore, but I'm looking for something simpler like heroku ENV solution

Keep a separate, .gitignore'd, unversioned file that has your passwords in it (say "private.py"). Then, add an example version of this file with placeholder values to your versioned source (say, "private.py.sample").

class AppConfig(db.Model):
    pass = db.StringProperty()

# ...
cfg = AppConfig.get_by_key_name("MyFirstApplication")
if cfg is None:
    cfg = AppConfig(key_name="MyFirstApplication")
    # this is initial run - request pass from user
    cfg.pass = userInput
    cfg.put()
# here you can use your cfg.pass