Tags: python, python-2.7, access-token, github-api

Masking/hiding a github access token


Let's say I have a GitHub access token that looks like this: a94a8fe5ccb19ba61c4c0873d391e987982fbbd3. This token needs to be placed in some code in order to create an issue when needed by a secondary account. I don't want people to know my access token, because, well, that would be an awful idea. What would be the best way to mask/hide my access token to put it into the code, and how would I reverse the mask/hide feature without being too obvious about it?


Solution

  • You could encode it using Base64 encoding:

    >>> import base64
    >>> access_token = "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3"
    >>> encoded_access_token = base64.b64encode(access_token)
    >>> encoded_access_token
    'YTk0YThmZTVjY2IxOWJhNjFjNGMwODczZDM5MWU5ODc5ODJmYmJkMw=='
    

    This isn't necessarily secure, but we can make it secure. We can keep encoding the access_token n times, and hide the number n in the resulting string. I have chosen the end.

    For example, set n = 5.

    import base64

    def encodeToken(access_token, n):
        # Apply base64 n + 1 times, then append n so the decoder knows how many layers to peel.
        for i in range(n + 1):
            access_token = base64.b64encode(access_token)
        return access_token + str(n)

    def decodeToken(encoded_token):
        # The layer count is the final character, so n must be a single digit (0-9).
        n = int(encoded_token[-1])
        encoded_token = encoded_token[:-1]
        for i in range(n + 1):
            encoded_token = base64.b64decode(encoded_token)
        return encoded_token
    
    >>> access_token = "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3"
    >>> encoded_access_token = encodeToken(access_token, 5)
    >>> encoded_access_token
    "Vm1wR1lWVXlUbkpOVldScFVteGFiMVZ1Y0VkaFJscHlWMjFHYWxadFVsWlZNblIzWWtaS1ZXSkdiRlpOYWtaMlZrUktSMk5zWkhWU2JGWm9UV3hLVUZkclVrSk9Wa3BYWVROd2FsSXdXbFJWYkZKQ1pVWmFSMWR0ZEZkaGVsWlhWREZXVjFkdFZuTlhiRVpXWVRGYU0xcEZXbXRYUlRGV1pFZG9UbEpGVmpaV1ZWcFNaREZDVWxCVU1EMD0=5"
    >>> decoded_access_token = decodeToken(encoded_access_token)
    >>> decoded_access_token
    "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3"
    

    The safest thing to do is define your own method to encode the access token.
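Added example, not part of the question or the answer above: a Python 3 port of the layered-base64 scheme next to a decoder that never reads the appended count, which shows that the masked string carries everything needed to recover the token, plus the usual mitigation of loading the token from the environment at runtime. The token value is constructed in the shape of the question's example, and `GITHUB_TOKEN` is an assumed variable name.

```python
import base64
import binascii
import os
import string

# Constructed sample value in the shape of the question's example; not a real token.
SAMPLE_TOKEN = "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3"
PRINTABLE = set(string.printable.encode("ascii"))


def mask_token(token, n):
    """Python 3 port of the answer's encodeToken: n + 1 base64 layers, n appended."""
    data = token.encode("ascii")
    for _ in range(n + 1):
        data = base64.b64encode(data)
    return data.decode("ascii") + str(n)


def unmask_blind(masked):
    """Recover the token without using the appended count: drop the last
    character unread and peel base64 layers until the result stops being
    printable text. A heuristic, but it is all a reader of the source needs,
    so the extra layers add no secrecy over plain base64."""
    data = masked[:-1].encode("ascii")
    while True:
        try:
            inner = base64.b64decode(data, validate=True)
        except (binascii.Error, ValueError):
            return data.decode("ascii")
        # The token itself (40 hex chars) is valid base64 but decodes to non-text bytes.
        if not inner or any(b not in PRINTABLE for b in inner):
            return data.decode("ascii")
        data = inner


def load_token(env_var="GITHUB_TOKEN", environ=None):
    """The mitigation: keep the token out of the source entirely and read it at
    runtime from the environment (or a secrets manager); fail closed if absent."""
    environ = os.environ if environ is None else environ
    token = environ.get(env_var, "").strip()
    if not token:
        raise RuntimeError(f"{env_var} is not set; refusing to run without a token")
    return token
```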