安全地存储密码以在 python 脚本中使用 [英] Securely storing passwords for use in python script

问题描述

可能的重复:
我需要要在 Python 中安全地存储用户名和密码，我有哪些选择?

我正在寻找一种方法来安全地存储我打算在某些 Python 脚本中使用的密码.我将登录不同的东西，我不想将密码作为明文存储在脚本本身中.

I am looking for a way to securely store passwords which I intend to use in some Python scripting. I will be logging into different things and I don't want to store the passwords as plaintext in the script itself.

相反，我想知道是否有任何东西可以安全地存储这些密码，然后使用我可以在开始时输入到脚本中的主密码之类的东西来检索它们.

Instead I was wondering if there is anything which is able to securely store those passwords and then retrieve them using something like a master password which I could enter to the script at the beginning.

推荐答案

自己了解主密钥.不要硬编码.

Know the master key yourself. Don't hard code it.

使用py-bcrypt (bcrypt)，强大的哈希技术自己生成密码.

Use py-bcrypt (bcrypt), powerful hashing technique to generate a password yourself.

基本上你可以做到这一点(一个想法......)

Basically you can do this (an idea...)

import bcrypt
from getpass import getpass
master_secret_key = getpass('tell me the master secret key you are going to use')
salt = bcrypt.gensalt()
combo_password = raw_password + salt + master_secret_key
hashed_password = bcrypt.hashpw(combo_password, salt)

将盐和散列密码保存在某处，以便每当您需要使用密码时，您正在阅读加密密码，并针对您再次输入的原始密码进行测试.

save salt and hashed password somewhere so whenever you need to use the password, you are reading the encrypted password, and test against the raw password you are entering again.

这基本上就是现在登录的工作方式.

This is basically how login should work these days.

这篇关于安全地存储密码以在 python 脚本中使用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！