Secure Credentials¶
This section discusses ways to pass credentials securely to
UsernamePasswordAuth
. Specifically, you should
not hardcode your password(s) in your source code. Instead, you should use
environment variables or secure files to store your credentials and
simple Python code to read your credentials.
Environment variables¶
You can use os.environ
to read in your credentials from environment variables:
# my_script.py
import os
from tamr_unify_client.auth import UsernamePasswordAuth
username = os.environ['UNIFY_USERNAME'] # replace with your username environment variable name
password = os.environ['UNIFY_PASSWORD'] # replace with your password environment variable name
auth = UsernamePasswordAuth(username, password)
You can pass in the environment variables from the terminal by including them before your command:
UNIFY_USERNAME="my Unify username" UNIFY_PASSWORD="my Unify password" python my_script.py
You can also create an .sh
file to store your environment variables and
simply source
that file before running your script.
Config files¶
You can also store your credentials in a secure credentials file:
# credentials.yaml
---
username: "my unify username"
password: "my unify password"
Then pip install pyyaml
read the credentials in your Python code:
# my_script.py
from tamr_unify_client.auth import UsernamePasswordAuth
import yaml
creds = yaml.load("path/to/credentials.yaml") # replace with your credentials.yaml path
auth = UsernamePasswordAuth(creds.username, creds.password)
As in this example, we recommend you use YAML as your format since YAML has support for comments and is more human-readable than JSON.
Important
You should not check these credentials files into your version
control system (e.g. git
). Do not share this file with anyone who should
not have access to the password stored in it.