This section discusses ways to pass credentials securely to ~tamr_unify_client.auth.UsernamePasswordAuth
. Specifically, you should not hardcode your password(s) in your source code. Instead, you should use environment variables or secure files to store your credentials and simple Python code to read your credentials.
You can use os.environ
to read in your credentials from environment variables:
# my_script.py
import os
from tamr_unify_client.auth import UsernamePasswordAuth
username = os.environ['UNIFY_USERNAME'] # replace with your username environment variable name
password = os.environ['UNIFY_PASSWORD'] # replace with your password environment variable name
auth = UsernamePasswordAuth(username, password)
You can pass in the environment variables from the terminal by including them before your command:
UNIFY_USERNAME="my Unify username" UNIFY_PASSWORD="my Unify password" python my_script.py
You can also create an .sh
file to store your environment variables and simply source
that file before running your script.
You can also store your credentials in a secure credentials file:
# credentials.yaml
---
username: "my unify username"
password: "my unify password"
Then pip install pyyaml
read the credentials in your Python code:
# my_script.py
from tamr_unify_client.auth import UsernamePasswordAuth
import yaml
creds = yaml.load("path/to/credentials.yaml") # replace with your credentials.yaml path
auth = UsernamePasswordAuth(creds.username, creds.password)
As in this example, we recommend you use YAML as your format since YAML has support for comments and is more human-readable than JSON.
Important
You should not check these credentials files into your version control system (e.g. git
). Do not share this file with anyone who should not have access to the password stored in it.