Secure credential storage in python

Question

The attack

One possible threat model, in the context of credential storage, is an attacker which has the ability to :

• inspect any (user) process memo

Answer 1

I'm no expert in this field and am really just looking to solve the same problem that you are, but it looks like something like Hashicorp's Vault might be able to help out quite nicely.

In particular WRT to the problem of storing credentials for 3rd part services. e.g.:

In the modern world of API-driven everything, many systems also support programmatic creation of access credentials. Vault takes advantage of this support through a feature called dynamic secrets: secrets that are generated on-demand, and also support automatic revocation.

For Vault 0.1, Vault supports dynamically generating AWS, SQL, and Consul credentials.

More links:

• Github
• Vault Website
• Use Cases