yhat / db.py

db.py is an easier way to interact with your databases
BSD 2-Clause "Simplified" License
1.22k stars 111 forks

save_credentials should at least have an option for a simple encryption key #15

Open hrbrmstr opened 9 years ago

hrbrmstr commented 9 years ago

Many analysts work in enterprises where there are some hard and fast compliance rules for storing passwords in cleartext (yes, base64 == cleartext). Adding an option to let folks use a master "encryption key" (yes, that they would have to type in) to encode/decode the credentials will add a bit of security to this feature and prevent an audit nightmare.

glamp commented 9 years ago

Totally agree. Do you have any examples of implementations in Python?

hrbrmstr commented 9 years ago

I am actually working on an R package for https://github.com/LastPass/lastpass-cli (lastpass cli) that would be easy to port to python for this, but could try to make it tool-agnostic and just use pure python libs (lastpass is free, but many enterprise folks can't install s/w on their systems). I'll be glad to do a pull req for this (just wanted to vet the posit with you before starting it :-) Will try to have it done in next cpl of wks.

It'll be an optional parameter since I know some folks don't need or want the hassle of encryption.


glamp commented 9 years ago

That sounds great. Let me know if I can help.


immerrr commented 9 years ago

@glamp, there's a keyring package for python that provides multiple credential storage backends for different platforms.
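The option requested in this issue, sketched as an added example (not code from db.py or from anyone in this thread): a credentials profile is encrypted under a key derived from a typed-in master passphrase, so the stored file no longer contains the password in base64. It assumes the third-party `cryptography` package is installed; the function names, envelope layout and sample field names are hypothetical.

```python
import base64
import hashlib
import json
import os

from cryptography.fernet import Fernet, InvalidToken  # pip install cryptography

# Assumed scrypt work factors (about 16 MiB of memory); raise them if you can.
SCRYPT = {"n": 2**14, "r": 8, "p": 1}


def _fernet(passphrase, salt, n, r, p):
    """Stretch the typed-in master passphrase into a Fernet (AES-CBC + HMAC) key."""
    key = hashlib.scrypt(passphrase.encode("utf-8"), salt=salt, n=n, r=r, p=p, dklen=32)
    return Fernet(base64.urlsafe_b64encode(key))


def seal_credentials(creds, passphrase):
    """Return a JSON envelope: KDF parameters, random salt and ciphertext."""
    salt = os.urandom(16)  # fresh salt on every save
    token = _fernet(passphrase, salt, **SCRYPT).encrypt(json.dumps(creds).encode("utf-8"))
    return json.dumps({**SCRYPT, "salt": base64.b64encode(salt).decode("ascii"),
                       "token": token.decode("ascii")})


def open_credentials(envelope, passphrase):
    """Decrypt an envelope; a wrong passphrase or a modified file raises ValueError."""
    env = json.loads(envelope)
    if {k: env.get(k) for k in SCRYPT} != SCRYPT:
        raise ValueError("unexpected KDF parameters")  # refuse weakened or huge settings
    box = _fernet(passphrase, base64.b64decode(env["salt"]), **SCRYPT)
    try:
        return json.loads(box.decrypt(env["token"].encode("ascii")))
    except InvalidToken:
        raise ValueError("wrong passphrase or corrupted credentials file") from None


def save_profile(path, creds, passphrase):
    """Write the envelope to a file created with owner-only permissions (0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(seal_credentials(creds, passphrase))
```

The passphrase would be read with `getpass.getpass()` at load time rather than stored next to the file.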