Simplifying and Securing API Authentication in Python with Requests and Keyring

I was chatting with my good friend over at Swimlane, Kevin Mata, about ways to secure the Python code in which I have credentials stored. He suggested tools like Bitwarden, Vault by HashiCorp, and others. But if you want to keep it simple and still secure, check out “keyring”. Thanks for pointing me in that direction.

Why Should You Stop Hardcoding API Credentials in Python?

When working with APIs, handling authentication credentials securely is paramount. Hardcoding passwords directly into your scripts is a significant security risk. Luckily, Python offers solutions to manage your credentials securely. In this tutorial, we’ll focus on using the keyring library for secure storage of credentials and the popular requests library for making HTTP requests.

What Do You Need Before Getting Started?

Before we begin, ensure you have the following installed:

  • Python (3.x preferred)

  • requests library (pip install requests)

  • keyring library (pip install keyring)

How Do You Securely Authenticate with an API in Python?

Suppose we have an API endpoint that requires HTTP basic authentication. We’ll demonstrate how to securely authenticate with this API using keyring and requests.

Step 1: Installing Dependencies

First, let’s install the necessary libraries:

pip install requests keyring

Step 2: How Do You Create a Keyring Credential Store via CLI?

Using the keyring command:

You can store a credential using the keyring command followed by the set option. Each command prompts for the value to store, so the secret is never typed on the command line:

keyring set rtr1 username
keyring set rtr1 password

If you have OAuth (Open Authorization) credentials, you can add as many elements as you want to rtr1 or any namespace you choose.

Step 3: How Do You Retrieve Stored Credentials from Keyring in Python?

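Getting your credentials

import keyring

# Look up the values stored under the "rtr1" service (None is returned if an entry is missing)
username = keyring.get_password("rtr1", "username")
password = keyring.get_password("rtr1", "password")

print("Username:", username)
# Confirm the password was found without echoing the secret to the terminal
print("Password set:", password is not None)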

Step 4: How Do You Combine keyring and requests for a Secure API Call?

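import requests
import json
import keyring
from requests.auth import HTTPBasicAuth

# Retrieve credentials securely from keyring
username = keyring.get_password("rtr1", "username")
password = keyring.get_password("rtr1", "password")
# Pass the retrieved values, not the literal strings "username" and "password"
basic = HTTPBasicAuth(username, password)

# API endpoint URL (requests needs a scheme; HTTPS is assumed so basic auth is not sent in cleartext)
url = "https://10.20.32.160/wapi/v2.5/member"

headers = {
  'Content-Type': 'application/json'
}

# Request body; left empty here, fill in whatever the API expects
payload = json.dumps({})

# Make the POST request, authenticating with basic auth
response = requests.post(url, headers=headers, data=payload, auth=basic, timeout=10)

# Print response
print(response.text)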

What is the code doing?

  • We import the necessary libraries: requests, json, and keyring, plus HTTPBasicAuth from requests.auth.

  • Using keyring, we securely retrieve the username and password from the system’s keyring store.

  • We define the API endpoint URL, the request headers and the payload. The credentials travel in the HTTPBasicAuth object, not in the payload.

  • The requests.post() method sends the authenticated request to the API.

  • Finally, we print the response from the API.
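The following is an added example, not code from the original post. It wraps Steps 3 and 4 in helpers that fail closed when a keyring entry is missing and refuse to attach Basic credentials to a URL that is not HTTPS. The helper names, the lookup injection parameter, the https scheme on the page's URL and the sample store are assumptions made for illustration.

```python
from urllib.parse import urlsplit


class MissingCredential(RuntimeError):
    """Raised when the keyring has no value for a required key."""


def load_basic_auth(service, lookup=None):
    """Return (username, password) for service, failing closed if either is unset."""
    if lookup is None:
        import keyring  # default: the real OS keychain lookup
        lookup = keyring.get_password  # returns None for a missing entry
    values = []
    for key in ("username", "password"):
        value = lookup(service, key)
        if not value:
            # Name the missing entry; never echo a secret value.
            raise MissingCredential(
                f"{service}/{key} is not set; run: keyring set {service} {key}")
        values.append(value)
    return tuple(values)


def require_https(url):
    """Reject URLs with no scheme or with one that sends Basic auth unencrypted."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"refusing to send credentials to non-HTTPS URL: {url!r}")
    return url


def build_request(service, url, lookup=None, method="POST"):
    """Prepare, without sending, a request carrying Basic auth from the keyring."""
    import requests
    from requests.auth import HTTPBasicAuth
    username, password = load_basic_auth(service, lookup)
    auth = HTTPBasicAuth(username, password)
    return requests.Request(method, require_https(url), auth=auth).prepare()


if __name__ == "__main__":
    # Constructed stand-in for the OS keychain so the demo runs offline.
    store = {("rtr1", "username"): "admin", ("rtr1", "password"): "constructed-secret"}
    fake_lookup = lambda service, key: store.get((service, key))
    prepared = build_request("rtr1", "https://10.20.32.160/wapi/v2.5/member", fake_lookup)
    print(prepared.method, prepared.url, "Authorization" in prepared.headers)
```

To send the prepared request, pass it to requests.Session().send(prepared, timeout=10).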

How Does Using keyring Make Your Python API Code More Secure?

In this tutorial, we’ve explored how to securely manage API authentication credentials in Python using the keyring library. By storing credentials in the system’s keyring, we avoid exposing sensitive information in our scripts. Additionally, we demonstrated how to make authenticated API requests using the requests library. This approach enhances the security of your Python applications while maintaining convenience and ease of use.

Now you can confidently authenticate with APIs without compromising security!


Frequently Asked Questions

How do you store an API credential using the keyring CLI?
Run keyring set <service> <key>, for example keyring set rtr1 username and then keyring set rtr1 password. Replace rtr1 with any namespace that identifies the service. The credential is stored encrypted in the OS keychain (Keychain on macOS, Credential Manager on Windows, Secret Service on Linux).

How do you retrieve keyring credentials inside a Python script?
Import keyring and call keyring.get_password(service, key): username = keyring.get_password("rtr1", "username") and password = keyring.get_password("rtr1", "password"). The values are fetched from the OS keychain at runtime and are never written to disk in plaintext.

Why is hardcoding API credentials in Python scripts a security risk?
Hardcoded credentials live in plaintext inside source files. If those files are committed to version control, shared, or leaked, the credentials are immediately exposed. Using keyring keeps secrets encrypted in the OS keychain and out of your code and git history entirely.