search

e13h / gsheets-plaid

Bringing bank transactions into Google Sheets with Plaid
GNU General Public License v3.0
14 stars 2 forks source link

Adopt a more secure method of storing tokens and credentials #3

Open e13h opened 2 years ago

e13h commented 2 years ago

To make a step towards production readiness, research and find a simple way to store tokens, credentials, and environment variables in a secure way.

e13h commented 2 years ago

It turns out that saving the credentials in the install directory is pretty clunky.

When you try to run pip uninstall gsheets-plaid, you get the following warning from pip:

pip uninstall gsheets-plaid
Found existing installation: gsheets-plaid 0.1.0
Uninstalling gsheets-plaid-0.1.0:
  Would remove:
    /path/to/lib/python3.10/site-packages/gsheets_plaid-0.1.0.dist-info/*
    /path/to/lib/python3.10/site-packages/gsheets_plaid/*
  Would not remove (might be manually added):
    /path/to/lib/python3.10/site-packages/gsheets_plaid/resources/db/.env
    /path/to/lib/python3.10/site-packages/gsheets_plaid/resources/db/tokens/google_credentials.json
    /path/to/lib/python3.10/site-packages/gsheets_plaid/resources/db/tokens/google_token.json
    /path/to/lib/python3.10/site-packages/gsheets_plaid/resources/db/tokens/gsheets_config.json
    /path/to/lib/python3.10/site-packages/gsheets_plaid/resources/db/tokens/plaid_tokens.json
Proceed (Y/n)?

Maybe we can create a directory in the home directory? Something like ~/.gsheets_plaid/.