# Install Keyring for Python

Keyring uses your operating system's encrypted password repository to securely store passwords, API keys, and the like.  It can be used from within Python and R in a device-independent manner.  Under the surface, the developers have utilized the password vault provided by the OS: Keychain (MacOS), Keyring (Linux), and Windows Credential Manager (Windows) to store encrypted passwords.  Keyring eliminates the need to enter passwords repeatedly or to place them in variables, which is not secure.

To install, open Terminal (or Ananconda Powershell Prompt in Windows) and run the following:

```pip install keyring```

After installing, you can load it in Python with the usual import statement as shown below.  It is also advisable to import getpass so you can prompt for passwords while setting up your credentials.  (It doesn't make much sense to create "safe" storage of passwords, only to place them in an open text document, after all.)

In [1]:
import keyring
import getpass

## R Installation

For R users, install the keyring package with the intall.packages command:

``` install.packages("keyring") ```

You can then load it using:

```library(keyring)```

# Set up API Token

To add an entry into your credential store, you will need a minimum of three entries: the name of the key, the username, and the password.  For API tokens, you seldom have a username.  I generally use "token" for the username in these cases as shown below.  (The token shown is my API key for the College Scorecard.  If you intend to use the REST API for the College Scorecard, get your free key here: https://api.data.gov/signup).

In [2]:
keyring.set_password("college_scorecard",
                     "token",
                     "61cbmHCGylJSxD3sXSu3bV2LaLwOyZp4xfXXJz59")

# Set up Database Token

In the following example, I set up a username-password credential for use in attaching to the NULOOK database.  Note that I've added a prompt for the password so it isn't sitting out in plain text for someone to "borrow".

In [2]:
keyring.set_password("localhost",
                     "jasoncasey",
                     getpass.getpass())

········


Another strategy is to store both the username and password as encrypted entries for added protection.  (In other words,  the potential thief will need to guess _both_ the username and password.  I use the names _user_ and _secret_ to name these and use _token_ as my username in each key.

In [None]:
# Set the username
keyring.set_password("aaude_user",
                     "token",
                     getpass.getpass())

# Set the password
keyring.set_password("aaude_secret",
                     "token",
                     getpass.getpass())

# Test

The following test pulls the API token for the College Scorecard from my credential store.  As you can see, I passed the name (college_scorecard) and username (token) and it passwed back the passord.  You can use this function wherever code calls for a password string and never have to place a password in plain text ever again.  Very handy. 

In [3]:
token = "college_scorecard"

print("Jason's {} API key is:\n{}\n".format(token, keyring.get_password(token, "token")))

Jason's college_scorecard API key is:
61cbmHCGylJSxD3sXSu3bV2LaLwOyZp4xfXXJz59

