REST API security

Hi,

Is there a way to do REST calls without passing in the password in clear text? I can't find anything other than using the settings.cfg file, and you still have to put the password in as plain text. It's simple enough to hash a password and it should be simple enough to add an API key, but I can't seem to find anything in the documentation.

 

3 Argentum

What are you using to send REST calls?

https://www.middlewareinventory.com/blog/how-to-avoid-or-hide-clear-text-username-and-password-in-cu...

I use Postman and it does not type passwords in clear text.

3 Argentum

It's a Python script and it's not interactive.  It's scheduled to kick off once a day.  I'd just prefer not to have the password sitting in plain text on the server.

3 Argentum

What do you think about having a file with the credentials that only your user has access to?

 

config.py

username = "xy"
password = "abcd"

main.py

import config
login(config.username, config.password)

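One way to enforce the "file that only your user has access to" suggestion above when the script starts, as an added example that is not part of the original posts or any vendor code. It assumes a POSIX host and a hypothetical INI file `api_credentials.ini` with an `[api]` section instead of an importable `config.py`; the sample username and password are constructed.

```python
import configparser
import os
import stat
import tempfile


class InsecureCredentialFile(Exception):
    """Raised when the credentials file is readable by anyone but its owner."""


def load_credentials(path):
    """Return (username, password) from an INI file, but only if the file is
    a regular file owned by the current user with no group/other access."""
    # O_NOFOLLOW: refuse a symlink planted at the expected path.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "r") as handle:
        # fstat the open descriptor so the checks apply to the file we read.
        info = os.fstat(handle.fileno())
        if not stat.S_ISREG(info.st_mode):
            raise InsecureCredentialFile(f"{path} is not a regular file")
        if info.st_uid != os.getuid():
            raise InsecureCredentialFile(f"{path} is not owned by this user")
        if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            mode = stat.S_IMODE(info.st_mode)
            raise InsecureCredentialFile(f"{path} has mode {mode:o}; run chmod 600")
        parser = configparser.ConfigParser(interpolation=None)  # keep '%' literal
        parser.read_file(handle)
    return parser["api"]["username"], parser["api"]["password"]


def demo():
    """Write a constructed credentials file and load it under two modes."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "api_credentials.ini")  # hypothetical file name
        with open(path, "w") as handle:
            handle.write("[api]\nusername = xy\npassword = abcd\n")  # constructed
        os.chmod(path, 0o644)  # world-readable: must be rejected
        try:
            load_credentials(path)
            rejected = False
        except InsecureCredentialFile:
            rejected = True
        os.chmod(path, 0o600)  # owner-only: accepted
        return rejected, load_credentials(path)


if __name__ == "__main__":
    print(demo())
```

Failing closed on loose permissions means a scheduled run stops with a clear error instead of silently using a file that other accounts on the server can read.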
3 Argentum

Hi Ankur,

That's not a bad idea. I'll work on that for now. Can you tell me if there are any plans on the roadmap to add this feature?

3 Argentum

Since this is more of an API "flaw" and not VPLEX specific, I'm not sure what VPLEX could add on its roadmap. This is no different than if you tried to do API calls to your array under VPLEX.

3 Argentum

I wouldn't call it a flaw so much, in that over-the-wire communications are secured through HTTPS. I guess I thought maybe something like an API key or somehow have the system accept a hash instead of a clear text password. Thanks for replying.

3 Argentum

This is something one of our developers recommended

https://pypi.org/project/keyring/

3 Argentum

This is perfect!  Tell your developer I said thanks.
