faq005_db_login_data
We have three options available:
- Set your login data as encrypted environment variables (recommended)
- Set your login data as encrypted strings in the config.conf (recommended if you need more flexibility)
- Set your login data as raw, unencrypted strings in the config.conf (not recommended)
We'll now take a closer look at these options.
Environment variables are variables that are stored on your computer, outside of your experiment code. Don't fool yourself: if you run local experiments, environment variables don't offer full protection against someone getting hold of your password. But they make it harder to identify your login data. To create some extra obfuscation, we first encrypt the login data using symmetric encryption.
These short (5 min) YouTube videos do a good job of explaining how to set environment variables:
- Mac & Linux: Hiding Passwords and Secret Keys in Environment Variables
- Windows: Hiding Passwords and Secret Keys in Environment Variables
After setting an environment variable, you need to restart your code editor (e.g. PyCharm, SublimeText) and the shell / terminal, if you use it. Otherwise, the new environment variable will not be found.
We use the Python module `cryptography` with its encryption class `Fernet`.
The code below will generate a random key for you. We use this key to encrypt and decrypt the login data.
```python
from cryptography.fernet import Fernet

# Generate a random key and print it as text so that it can be copied.
key = Fernet.generate_key().decode()
print(key)
```
Now copy the key and save it to an environment variable with the name `ALFRED_SECRET_KEY`.
The code below will prompt you to enter your login data and return an encrypted version.
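```python
import os

from cryptography.fernet import Fernet

# Read the key that was saved in the environment variable ALFRED_SECRET_KEY.
key = os.environ.get("ALFRED_SECRET_KEY")
if key is None:
    raise SystemExit("ALFRED_SECRET_KEY not found. Restart your editor / terminal after setting it.")

username = input("\nUsername: ").encode()
password = input("\nPassword: ").encode()

# Encrypt both values with the same key.
f = Fernet(key)
encrypted_username = f.encrypt(username).decode()
encrypted_password = f.encrypt(password).decode()

print(f"Encrypted Username (please copy): {encrypted_username}\n")
print(f"Encrypted Password (please copy): {encrypted_password}\n")
```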
The environment variables holding the encrypted values should be called `ALFRED_MONGODB_USER` and `ALFRED_MONGODB_PASSWORD`.
Here, we show only the part of the config.conf that is relevant for the access to MongoDB. As you can see, you can leave the fields `user`, `password` and `encrypted_login_data` empty if you use an environment variable.
```ini
[mongo_saving_agent]
use = true
assure_initialization = true
level = 1
host = <address of the server holding your mongodb>
database = <name of the database you want to use>
collection = <name of the collection you want to use>
user =
password =
encrypted_login_data =
```
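A way to confirm that the three environment variables fit together before starting an experiment (added example, not part of alfred; the names `check_login_env` and `constructed_env` and the status strings are made up for this illustration). It reports whether each stored value decrypts with the key in `ALFRED_SECRET_KEY` and never outputs the decrypted login data.

```python
import os

from cryptography.fernet import Fernet, InvalidToken

KEY_VAR = "ALFRED_SECRET_KEY"
LOGIN_VARS = ("ALFRED_MONGODB_USER", "ALFRED_MONGODB_PASSWORD")


def check_login_env(env=os.environ):
    """Return {variable name: status}; decrypted values are never returned."""
    report = {}
    key = env.get(KEY_VAR)
    if not key:
        report[KEY_VAR] = "missing"
        return report
    try:
        fernet = Fernet(key)
    except (ValueError, TypeError):
        # Fernet keys are 32 random bytes in url-safe base64.
        report[KEY_VAR] = "not a valid Fernet key"
        return report
    report[KEY_VAR] = "ok"
    for name in LOGIN_VARS:
        token = env.get(name)
        if not token:
            report[name] = "missing"
            continue
        try:
            fernet.decrypt(token.encode())
            report[name] = "ok"
        except InvalidToken:
            # Raised for a value encrypted with another key and for a damaged value.
            report[name] = "does not decrypt with the current key"
    return report


def constructed_env():
    """Constructed sample environment: the password was encrypted with a stale key."""
    current, stale = Fernet.generate_key(), Fernet.generate_key()
    return {
        KEY_VAR: current.decode(),
        "ALFRED_MONGODB_USER": Fernet(current).encrypt(b"example_user").decode(),
        "ALFRED_MONGODB_PASSWORD": Fernet(stale).encrypt(b"example_pw").decode(),
    }


if __name__ == "__main__":
    for name, status in check_login_env().items():
        print(f"{name}: {status}")
```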
If you think you might need to change your login data sometimes, and changing the environment variable every time seems too tedious in your case, you can take this alternative approach. You still don't want your login data to be too obvious, so we use symmetric encryption here as well.
What does that mean? It's quite straightforward:
- You generate a random key and save it in an environment variable
- Using this random key, you encrypt your password
- You put the encrypted password into your config.conf
- If you specified the environment variable correctly, alfred will automatically decrypt your password using the random key from the environment variable
Security-wise, this approach is about as good as the first one. Here, we trade a slightly greater initial effort for the possibility to easily change login data for individual experiments. Note that you still need to encrypt your new password with the **exact same key** for this approach to work.
We use the Python module `cryptography` with its encryption class `Fernet`.
The code below will generate a random key for you.
```python
from cryptography.fernet import Fernet

# Generate a random key and print it as text so that it can be copied.
key = Fernet.generate_key().decode()
print(key)
```
Now copy the key and save it to an environment variable with the name `ALFRED_SECRET_KEY`:
- Mac & Linux: Hiding Passwords and Secret Keys in Environment Variables
- Windows: Hiding Passwords and Secret Keys in Environment Variables
After setting an environment variable, you need to restart your code editor (e.g. PyCharm, SublimeText) and the shell / terminal, if you use it. Otherwise, the new environment variable will not be found.
The code below will prompt you to enter your login data and return an encrypted version.
```python
import os

from cryptography.fernet import Fernet

# Read the key that was saved in the environment variable ALFRED_SECRET_KEY.
key = os.environ.get("ALFRED_SECRET_KEY")
if key is None:
    raise SystemExit("ALFRED_SECRET_KEY not found. Restart your editor / terminal after setting it.")

username = input("\nUsername: ").encode()
password = input("\nPassword: ").encode()

# Encrypt both values with the same key.
f = Fernet(key)
encrypted_username = f.encrypt(username).decode()
encrypted_password = f.encrypt(password).decode()

print(f"Encrypted Username (please copy): {encrypted_username}\n")
print(f"Encrypted Password (please copy): {encrypted_password}\n")
```
In your config.conf, you simply paste the encrypted password and set `encrypted_login_data = true`:
```ini
[mongo_saving_agent]
use = true
assure_initialization = true
level = 1
host = <address of the server holding your mongodb>
database = <name of the database you want to use>
collection = <name of the collection you want to use>
user = <encrypted username>
password = <encrypted password>
encrypted_login_data = true
```
You can also paste your password directly into the config.conf, although this is not recommended, because anyone will be able to get hold of your password simply by opening your config.conf. You also need to be very careful when sharing your code, because you probably don't want your MongoDB password archived on the OSF.
Still, if you want to do it, all you need to do is paste your password into the config.conf and set `encrypted_login_data = false`.
Your config.conf will look like this:
```ini
[mongo_saving_agent]
use = true
assure_initialization = true
level = 1
host = <address of the server holding your mongodb>
database = <name of the database you want to use>
collection = <name of the collection you want to use>
user = <username>
password = <password>
encrypted_login_data = false
```
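Before sharing or archiving an experiment, the config.conf can be checked for login data that anyone opening the file could read. The following is an added example, not part of alfred: `audit_config` and `looks_like_fernet_token` are hypothetical helpers, treating `encrypted_login_data` as enabled only for the literal value `true` is an assumption, and the token check is structural (Fernet version byte and length), not a decryption.

```python
import base64
import binascii
import configparser
import sys

SECTION = "mongo_saving_agent"


def looks_like_fernet_token(value):
    """Structural check only: url-safe base64, version byte 0x80, plausible length."""
    try:
        raw = base64.urlsafe_b64decode(value.encode())
    except (binascii.Error, ValueError):
        return False
    # 1 version + 8 timestamp + 16 IV + n*16 ciphertext (n >= 1) + 32 HMAC bytes
    return len(raw) >= 73 and raw[0] == 0x80 and (len(raw) - 57) % 16 == 0


def audit_config(text):
    """Return a list of findings for the [mongo_saving_agent] section."""
    parser = configparser.ConfigParser(interpolation=None)  # allow '%' in passwords
    parser.read_string(text)
    if not parser.has_section(SECTION):
        return [f"section [{SECTION}] not found"]
    section = parser[SECTION]
    # Assumption: only the literal value "true" switches encryption on.
    encrypted = section.get("encrypted_login_data", "").strip().lower() == "true"
    findings = []
    for field in ("user", "password"):
        value = section.get(field, "").strip()
        if not value:
            continue  # empty: login data comes from environment variables
        if not encrypted:
            findings.append(f"{field}: plaintext value present")
        elif not looks_like_fernet_token(value):
            findings.append(f"{field}: encrypted_login_data = true, but value is not a Fernet token")
    return findings


def constructed_token():
    """Constructed sample: right structure, all-zero fields, not a real ciphertext."""
    return base64.urlsafe_b64encode(b"\x80" + bytes(72)).decode()


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "config.conf"
    with open(path, encoding="utf-8") as handle:
        for finding in audit_config(handle.read()):
            print(finding)
```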
If you have trouble getting your code to work, you can contact our support via alfred@psych.uni-goettingen.de. Please make sure to test your code diligently before asking for help.