I'm using the Python requests library to make a call to an API that requires Windows Authentication. In C# I have always used the Directory Services, which has allowed me to avoid putting passwords in any of my code or configurations. From what I have found online, it seems that my only option in Python is to have a password somewhere. I have a service account that I will use, but I need to store the password securely. What is the best way to securely store and retrieve a service account password in Python without hard coding plain text?

The code that I am currently using is below. I have the username and password stored in plain text in my configuration:

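import requests
from requests_ntlm import HttpNtlmAuth

# config, call_string and parameters are defined elsewhere in the application
auth = HttpNtlmAuth(
    config.ServiceAccount["Username"],
    config.ServiceAccount["Password"],
)

content = requests.post(call_string, json=parameters, auth=auth)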

Edit: I should mention that this will not be a user-facing application. It will run as a batch job. So there will not be any way for a user to enter the username/password while running the application.

  • I don't know much about Windows programming but why can't you use Directory Services? It shouldn't matter what language you are in, if it is a service available to the system you should be able to access it. Is it part of Active Directory? There are various packages to interface with that. Commented Apr 18, 2018 at 21:40
  • @Kevin K , Please refer to this stackoverflow.com/questions/7014953/… I hope this helps. Commented Apr 18, 2018 at 21:44

2 Answers

You could just not store the password at all and require the user to provide the password at runtime:

import getpass
user = getpass.getuser()
password = getpass.getpass()

Otherwise, you could do something similar to git and just have the user store their password in plaintext in a config file in their home directory that you then read at runtime.

1 Comment

This application will run as a batch process, so there won't be any opportunity for a user to input their credentials.
I know I asked this question a while ago, but I found a better solution to the NTLM/Windows authentication. I used the requests_negotiate_sspi library to avoid any passwords:

import requests
from requests_negotiate_sspi import HttpNegotiateAuth

# No username or password: SSPI uses the identity of the running process
auth = HttpNegotiateAuth()

content = requests.post(call_string, json=parameters, auth=auth)
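
Added example, not part of the original answer: one way to combine the password-less SSPI approach above with a fail-closed fallback for hosts where SSPI is unavailable, reading the service account password from the OS credential store through the keyring package instead of a config file. The service name, the account name and the build_auth helper are hypothetical; SSPI authenticates as the account the process runs under, so the batch job has to be scheduled to run as the service account.

```python
import importlib

# Constructed placeholders, not values from the original post.
KEYRING_SERVICE = "example-batch-api"
SERVICE_ACCOUNT = r"EXAMPLE\svc_batch"


def build_auth(importer=importlib.import_module):
    """Return (mode, auth) for requests, preferring password-less SSPI.

    `importer` is injectable so the selection logic can be exercised
    without the optional packages installed.
    """
    # 1. SSPI: no secret is handled by this code at all.
    try:
        sspi = importer("requests_negotiate_sspi")
    except ImportError:
        sspi = None  # not on Windows, or the package is not installed
    if sspi is not None:
        return "sspi", sspi.HttpNegotiateAuth()

    # 2. Fallback: NTLM with the password read from the OS credential
    #    store (Windows Credential Manager via keyring), never from code
    #    or a plaintext config file.
    try:
        keyring = importer("keyring")
        ntlm = importer("requests_ntlm")
    except ImportError as exc:
        raise RuntimeError("no SSPI and no keyring/requests_ntlm available") from exc
    password = keyring.get_password(KEYRING_SERVICE, SERVICE_ACCOUNT)
    if not password:
        # Fail closed instead of falling back to a plaintext value.
        raise RuntimeError(f"no stored credential for {SERVICE_ACCOUNT}")
    return "ntlm", ntlm.HttpNtlmAuth(SERVICE_ACCOUNT, password)


# Usage, with call_string and parameters as in the question:
#   mode, auth = build_auth()
#   content = requests.post(call_string, json=parameters, auth=auth)
```

For the fallback path, the credential has to be stored once while logged on as the account that runs the job, for example with keyring.set_password from an interactive session.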
