I am creating a personal website using Flask and Python. I am using Flask-Mail to set up an SMTP server with Gmail, which requires the credentials of a Gmail account. I wanted to know if there was a way to encrypt or protect the password and account of my Gmail when pushing to GitHub?
You should *never* commit credentials, let alone push them to GitHub. – juanpa.arrivillaga Jul 19 '21 at 20:41
What OS are you using? – Doryx Jul 19 '21 at 20:51
I am using macOS – Ricardo Saca Jul 19 '21 at 20:53
2 Answers
Don't store your credentials in code! Use environmental variables.
For example using bash on linux or OSX:
On the command line you can set the environmental variable and then run your script.
```
$ export PASSWORD=my_password
$ python run.py
```
Your script can then grab the password. This way you don't expose any secrets when you commit your code and push it to github.
```python
import os

# Read the secret from the process environment instead of hard-coding it.
PASSWORD = os.getenv("PASSWORD")
```
If you have many environmental variables you want to set, you can store them in a file like `secrets.env` and then `source secrets.env` to load them all. Be sure to add `secrets.env` to your `.gitignore` so that you don't accidentally commit it!
Also, if you need some secrets to be available at run time as part of CI or deployment, you can use encrypted secrets on GitHub: https://docs.github.com/en/actions/reference/encrypted-secrets

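The approach in the answer above, applied to the Flask-Mail case from the question, as an added example that is not part of the original answer: it parses a `secrets.env`-style file and builds the mail settings from environment values, failing fast without ever printing a secret. The variable names `MAIL_USERNAME` and `MAIL_PASSWORD`, the Gmail defaults and the sample file contents are assumptions made for this example.

```python
import os

# Variable names are assumptions for this example; the answer above uses PASSWORD.
REQUIRED = ("MAIL_USERNAME", "MAIL_PASSWORD")


def parse_env_file(text):
    """Parse KEY=VALUE lines as written in a bash-sourceable secrets.env file."""
    values = {}
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("export "):
            line = line[len("export "):].lstrip()
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not sep or not key.isidentifier():
            raise ValueError(f"malformed entry on line {number}")  # line number only, no content
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]  # drop matching surrounding quotes
        values[key] = value
    return values


def mail_config(env=None):
    """Build Flask-Mail settings from the environment; fail fast if a secret is missing."""
    env = os.environ if env is None else env
    missing = [name for name in REQUIRED if not env.get(name)]
    if missing:
        # Report variable names only, never their values.
        raise RuntimeError("missing environment variables: " + ", ".join(missing))
    return {
        "MAIL_SERVER": env.get("MAIL_SERVER", "smtp.gmail.com"),  # assumed default
        "MAIL_PORT": int(env.get("MAIL_PORT", "587")),  # assumed default (STARTTLS)
        "MAIL_USE_TLS": True,
        "MAIL_USERNAME": env["MAIL_USERNAME"],
        "MAIL_PASSWORD": env["MAIL_PASSWORD"],
    }


# Constructed sample file contents; the address and password are placeholders.
SAMPLE = """# secrets.env (keep this file in .gitignore)
export MAIL_USERNAME=someone@example.com
MAIL_PASSWORD='placeholder-app-password'
"""

if __name__ == "__main__":
    print(sorted(mail_config(parse_env_file(SAMPLE))))  # setting names only, no values
```

In the Flask app, `app.config.update(mail_config())` before initialising Flask-Mail applies these settings from whatever was exported in the shell.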
You should mention that `export` works for Linux and macOS (as far as I know), for Windows there is `set` I think, could be wrong – Matiiss Jul 19 '21 at 20:48
Thank you so much! I was wondering how to prevent storing credentials in my code. – Ricardo Saca Jul 19 '21 at 20:53
Never push your credentials and API keys to GitHub; always prefer to store these credentials in an env file.
