I am creating a personal website using Flask and Python. I am using Flask-Mail to set up an SMTP server with Gmail, which requires the credentials of a Gmail account. I wanted to know if there was a way to encrypt or protect the password and account of my Gmail when pushing to GitHub?
Don't store your credentials in code! Use environmental variables.
For example, using bash on Linux or OSX:
On the command line you can set the environmental variable and then run your script.
$ export PASSWORD=my_password
$ python run.py
Your script can then grab the password. This way you don't expose any secrets when you commit your code and push it to GitHub.
import os
PASSWORD = os.getenv("PASSWORD")
If you have many environmental variables you want to set, you can store them in a file like secrets.env and then source secrets.env to load them all. Be sure to add secrets.env to your .gitignore so that you don't accidentally commit it!
Also, if you need some secrets to be available at run time as part of CI or deployment, you can use encrypted secrets on GitHub: https://docs.github.com/en/actions/reference/encrypted-secrets
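The approach in the answer above, worked through for the Flask-Mail case in the question; this is an added example, not code from the original post. It assumes the variables are named MAIL_USERNAME and MAIL_PASSWORD (matching Flask-Mail's config keys), that secrets.env holds `export KEY=value` lines, and that Gmail is reached at smtp.gmail.com on port 587 with STARTTLS; the function names are hypothetical.

```python
import os

# Constructed sample of a secrets.env file (not real credentials).
SAMPLE_ENV = '''# mail credentials
export MAIL_USERNAME=example@gmail.com
export MAIL_PASSWORD="constructed-app-password"
'''
REQUIRED = ("MAIL_USERNAME", "MAIL_PASSWORD")  # assumed variable names

def parse_env_file(text):
    """Parse `export KEY=value` / `KEY=value` lines without running a shell."""
    values = {}
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("export "):
            line = line[len("export "):].lstrip()
        key, sep, value = line.partition("=")
        if not sep or not key.strip():
            # Report the line number only, so a secret never lands in a log.
            raise ValueError(f"malformed entry on line {number}")
        values[key.strip()] = value.strip().strip("'\"")
    return values

def mail_config(environ=os.environ, file_values=None):
    """Build Flask-Mail settings; the process environment overrides the file."""
    merged = dict(file_values or {})
    merged.update({k: environ[k] for k in REQUIRED if environ.get(k)})
    missing = [k for k in REQUIRED if not merged.get(k)]
    if missing:
        # Fail at startup instead of attempting SMTP login with None.
        raise RuntimeError("missing secrets: " + ", ".join(missing))
    return {
        "MAIL_SERVER": "smtp.gmail.com",
        "MAIL_PORT": 587,
        "MAIL_USE_TLS": True,
        "MAIL_USERNAME": merged["MAIL_USERNAME"],
        "MAIL_PASSWORD": merged["MAIL_PASSWORD"],
    }

def is_ignored(gitignore_text, filename="secrets.env"):
    """Literal-entry check only; real .gitignore files also allow patterns."""
    entries = {l.strip().lstrip("/") for l in gitignore_text.splitlines()}
    return filename in entries

if __name__ == "__main__":
    cfg = mail_config(file_values=parse_env_file(SAMPLE_ENV))
    print({k: ("***" if k == "MAIL_PASSWORD" else v) for k, v in cfg.items()})
```

In the Flask app, the returned dictionary would be passed to `app.config.update(...)` before the Flask-Mail extension is initialised.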