how to connect to postgres from sqalchemy without exposing sensitive information like password, port and host

Question

I'm making a Flask application that is using sqlalchemy as a layer between the application and a postgres database. Currently I'm using a 'config.py' file that fetches the sensible connection info from system variables. But my IT admin says it's not sufficiently safe as we will be hosting the server ourselves rather than using PAAS. What would be the most smooth and efficient way to provide the db connetion to sqalchemy without exposing the sensitive connection info to anybody that have access to the server (and thereby being able to read the system variables)?

I'm using VisualStudio as IDE, so dev environment is windows, but would like to be able to deploy on linux if needed.

This is my 'runserver.py' file:

...
from config import DevelopmentConfig, ProductionConfig, TestingConfig
app = create_app(ProductionConfig)
if __name__ == '__main__':
    HOST = environ.get('SERVER_HOST', 'localhost')
    try:
        PORT = int(environ.get('SERVER_PORT', '6388'))
    except ValueError:
        PORT = 6388
    app.run(HOST, PORT)

And this is my '__init__.py' file:

def create_app(config=DevelopmentConfig):
    app = Flask(__name__)
    app.config.from_object(config)
    db.init_app(app)
    ...

Does the PostgreSQL server accept [authentication methods](https://www.postgresql.org/docs/current/auth-methods.html) other than "Password"? — Gord Thompson, Oct 04 '22 at 15:16
It has ODBC, which hides the password, but not sure how I can use that with sqlachemy? — user123442, Oct 04 '22 at 19:21

how to connect to postgres from sqalchemy without exposing sensitive information like password, port and host

0 Answers0