This section discusses ways to pass credentials securely to
UsernamePasswordAuth. Specifically, you should
not hardcode your password(s) in your source code. Instead, you should use
environment variables or secure files to store your credentials and
simple Python code to read your credentials.
You can use
os.environ to read in your credentials from environment variables:
# my_script.py import os from tamr_unify_client.auth import UsernamePasswordAuth username = os.environ['UNIFY_USERNAME'] # replace with your username environment variable name password = os.environ['UNIFY_PASSWORD'] # replace with your password environment variable name auth = UsernamePasswordAuth(username, password)
You can pass in the environment variables from the terminal by including them before your command:
UNIFY_USERNAME="my Unify username" UNIFY_PASSWORD="my Unify password" python my_script.py
You can also create an
.sh file to store your environment variables and
source that file before running your script.
You can also store your credentials in a secure credentials file:
# credentials.yaml --- username: "my unify username" password: "my unify password"
pip install pyyaml read the credentials in your Python code:
# my_script.py from tamr_unify_client.auth import UsernamePasswordAuth import yaml creds = yaml.load("path/to/credentials.yaml") # replace with your credentials.yaml path auth = UsernamePasswordAuth(creds.username, creds.password)
As in this example, we recommend you use YAML as your format since YAML has support for comments and is more human-readable than JSON.
You should not check these credentials files into your version
control system (e.g.
git). Do not share this file with anyone who should
not have access to the password stored in it.