Wonderful Python Libraries series Nº 2 :: Python Secure Secret Storage

Treat with sensitive information is a must. But every so often, it is not easy.

Today we’ll review the secure secret manager and an easy way to use, a light way solution for some scenarios and local scripts.

TL;DR What’s a Secure Secret Storage

A vault is a secure storage for saving sensitive data, like passwords, access tokens, etc.

You also can find this concept by searching for Secret Manager.

Almost all most known cloud providers have solutions for storing sensitive data securely:

• AWS: AWS Secret Manager
• Google Cloud: Google Cloud Secret Manager
• Azure: Key Vault

They’re also open source solutions. Most known is Hashicorp Vault

All of the above solutions are client-server-based. It’s good. But sometimes, we need something more lightweight.

This library, in a few words

With Python keyring you can safely store sensitive data.

This library uses the operating system’s secure storage for saving sensitive data.

Some examples

Let’s say we want to store Postgres credentials by using this library:

Then, let’s say we would like to use these credentials with our script that connects with a PostgreSQL database.

First, install the PostgreSQL dependency:

> pip install "psycopg[binary]"

Then, connect to the database:

That’s it! Easy.

Finally, we can check that the secrets were stored in our Operating System’s secure storage. In my case, I use OS X. So. The sensitive data are stored at Keychain Access:

You can found code examples in my GitHub Medium repository:

https://github.com/cr0hn/my-medium-posts-resources/tree/main/WonderfulLibraries/post-2