
Find a better way to store the password in package_search.py

Open pleia2 opened this issue 1 year ago • 5 comments

In production, it's recommended to use something like our https://github.com/openmainframeproject/software-discovery-tool-deploy system which updates the production tool with every commit so that the tool automatically stays up to date.

Today it doesn't quite work because changes have to be made to src/classes/package_search.py to add the read-only MariaDB password for the web UI to query. This results in an error when running git pull to keep the rest of the code up to date.

"Edit line 14 of a script" isn't the best way to store secrets anyway :smile: so let's come up with a better way of storing this password that doesn't require editing this file. If the file stays pristine, we won't have the git pull error!

pleia2 avatar May 20 '24 20:05 pleia2

Hey @pleia2, I'd like to work on this issue.

duckling69 avatar May 20 '24 20:05 duckling69

@duckling69 Great! Let's discuss here a proposal for how you'd like to solve this. What are your thoughts?

pleia2 avatar May 20 '24 20:05 pleia2

We can create a .env file in the root directory and add it to .gitignore. We use python-dotenv to read the password as PASSWORD = os.environ.get('DB_PASSWORD').

hbarsaiyan avatar May 21 '24 17:05 hbarsaiyan

> We can create a .env file in the root directory and add it to .gitignore. We use python-dotenv to read the password as PASSWORD = os.environ.get('DB_PASSWORD').

Good idea! Let's move forward with this solution :+1:

pleia2 avatar May 21 '24 18:05 pleia2
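
The .env approach agreed on above, as an added example that is not part of the thread or the project's code. It uses a stdlib-only stand-in for python-dotenv's loader so it runs without dependencies; the owner-only permission check, the fail-closed lookup and the function names `load_env_file` and `get_db_password` are assumptions added here.

```python
import os
import stat
import tempfile
from pathlib import Path


def load_env_file(path, environ=os.environ):
    """Minimal stand-in for python-dotenv's loader: KEY=VALUE lines only."""
    path = Path(path)
    if not path.is_file():
        return False
    # Assumption added here: refuse a secrets file that group/other can access.
    if os.name == "posix" and path.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} must be owner-only, e.g. chmod 600")
    for raw in path.read_text().splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        # Drop one pair of matching surrounding quotes, if present.
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        # Variables already set by the service manager win over the file.
        environ.setdefault(key.strip(), value)
    return True


def get_db_password(environ=os.environ):
    """Fail closed: no hard-coded fallback, and the value is never echoed."""
    password = environ.get("DB_PASSWORD")
    if not password:
        raise RuntimeError("DB_PASSWORD is not set; define it in .env or the environment")
    return password


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        env_path = Path(tmp) / ".env"
        # Constructed sample file; the value is a placeholder, not a real secret.
        env_path.write_text("# constructed sample\nDB_PASSWORD='example-only'\n")
        env_path.chmod(0o600)
        env = {}
        load_env_file(env_path, env)
        print("password loaded:", bool(get_db_password(env)))
```

With `.env` listed in `.gitignore`, `package_search.py` stays unmodified in the working tree, so `git pull` no longer conflicts with a locally edited password line.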

I was thinking of using something like a TOML file to store config variables, as it has structured data storage, data types and validation and is less likely to throw an error in the future // @pleia2

duckling69 avatar May 22 '24 04:05 duckling69