1

How can a proxy username & password be passed to boto3 without using environment variables?

There is a similar stack question, however the question & answer focus on the url/port specification. I am sitting behind a corporate proxy and need to also specify user credentials; but I am not allowed to put my login credentials in an environment variable.

I will have to read the username/password into memory, but once I have them where in boto3 do they get inputed?

Thank you in advance for your consideration and response.

Ramón J Romero y Vigil
  • 17,373
  • 7
  • 77
  • 125
  • Start the script and use input to get login and getpass (input without echo - as in you type your password and it's not visible https://docs.python.org/3/library/getpass.html) to get your password. Then proceed as normally. – h4z3 Dec 16 '21 at 13:34
  • @h4z3 Thank you for the response, however my question is boto3 related. I can't find any documentation/functionality that demonstrates where to input the user & pass once I have it in memory. I have edited my question to clear up that confusion. – Ramón J Romero y Vigil Dec 16 '21 at 13:35
  • 2
    What about the second answer where the username and password is part of the url? If this is running on your local machine nobody can prevent you from putting your credentials into the env, when you are deploying this to e.g. AWS you should not use your personal credentials anyway. Ideally there would be proper routing via VPCs through some proxies, without credentials entirely. – luk2302 Dec 16 '21 at 13:36
  • https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html#passing-credentials-as-parameters The passing of keys as parameters is mentioned in docs before the environment variables because you usually do such stuff as parameter - the environment variables being automatically read is just a bonus for automated systems. – h4z3 Dec 16 '21 at 13:38
  • @h4z3 Thank you for the link. Unfortunately that documentation is for the AWS credentials, not the proxy credentials. – Ramón J Romero y Vigil Dec 16 '21 at 13:48

1 Answers1

1

Proxy configuration for boto3 is described here.

Passing username and password is not documented, however if you look at the underlying code (httpsession.py), it will extract username and password from a URL like https://username:password@example.com:443, and insert a Proxy-Authorization header using basic auth.

If that works with your company, you should be OK. However, some proxies require a different authorization method, and this will fail.

In that case will need to discuss your company's exact proxy mechanism with your IT group. They may suggest work-arounds, such as running your own proxy to handle authentication. Or they may permit you to use a cloud development tool that avoids the use of proxies.

I mention this because your deployment environment -- whether cloud or a local data center -- probably doesn't use an authenticating proxy. Which means that code written with the expectation of such a proxy won't work in a production deployment.

Parsifal
  • 3,928
  • 5
  • 9