Securely Storing Credentials in Python with Keyring
When building Python scripts that connect to databases, APIs, or other services, one of the first challenges you’ll face is how to securely handle credentials. Hardcoding passwords in your scripts is a security risk. Environment variables are better but still have limitations. The Python keyring library offers an elegant solution by leveraging your operating system’s native credential store.
The Problem with Hardcoded Credentials
Many developers start by embedding usernames and passwords directly in their scripts. This creates several problems: credentials end up in version control, they’re visible to anyone with file access, and updating them requires modifying code.
Using the Keyring Library
The keyring library provides a cross-platform way to access the system’s credential store — Windows Credential Locker, macOS Keychain, or Linux’s Secret Service. This means your credentials are encrypted at rest and managed by the OS.
Installation
pip install keyringStoring a Credential
import keyring
keyring.set_password("my_database", "admin_user", "my_secure_password")Retrieving a Credential
import keyring
password = keyring.get_password("my_database", "admin_user")
print(password) # my_secure_passwordWhy This Matters for Analytics Teams
For teams building automated data pipelines, ETL processes, or reporting scripts, credential management is critical. The keyring approach ensures that:
- Credentials never appear in source code or configuration files
- Each developer/server can maintain its own credential store
- The operating system handles encryption and access control
- Scripts remain portable across environments
This is a summary of the original article. Full content is being migrated from the previous site.