Unsolved
1 Rookie
•
299 Posts
0
552
how to avoid embedding password in REST script ?
I want to use the Isilon REST API from a python script in unix. However example scripts show username and password in script. This does not fly from a compliance view point, so I am trying to figure out is there a way to separate the username/password from the script.
If we get that far, we then get to the theory that username/password is supplied to get a token which is valid for 4 hours. To be efficient, we do not need to supply username / password most of the time as the access token is valid.
So how do I get the access token from the username/password so I can use the token for most of the REST calls, so making the script lighter on the Isilon ?
dynamox
1 Rookie
1 Rookie
•
20.4K Posts
0
August 11th, 2018 22:00
you could save username and password in a file and protect it unix ACLs. Then when your python script runs, it should run with the credentials that allow it to read the content of the file.
In my script i use username/password when I make my initial call to Isilon. If credentials are correct you will get back two cookies (with OneFS 8.1 and 8.0.x plus some patch): isisessid and isicsrf. I write those two cookies to a file so i can re-use them for 4 hours and then when they expire i request them again.