Menu
I am working on a python program that runs as an svn post-commit hook. It posts your commit message to Twitter.
It works great, but I just realized something. My CONSUMER_SECRET and CONSUMER_KEY are right there in the source code. That's probably a bad thing.
I'm new to python, and I was actually just converting someone else's program to oAuth from basic HTTP auth. I am using tweepy to post to twitter.
So, how can I securely save my consumer oAuth keys so that people cannot view them?
EDIT: Is it possible to save my keys somewhere where my app can read them, but users can't? I want everyone using this hook to be using my app, so on their tweets it says "via MyApp".
752
Keep such things in a settings file that you do not commit to your versioning system or code repository in any way. Rather provide a template for the file with documentation on how to populate it with the needed settings (such as their application credentials).
103
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
