Gents,

I am in the process of creating a Python program that will use an API-Key to access a REST API on a particular website to perform certain actions. I do not want to store this API-Key inside the program as it would be insecure. My thinking is to prompt the user for the API-Key before the program executes as in:
Looking at this from a security perspective, I see many wholes in my logic and wanted some feedback from the Linux Gods.

What kind of whole do you see?
did you try this code? Is this what you really need? I don't really understand what do you want to achieve.

Hello Pan64 and thank you for your reply. What I am trying to achieve is the best secure coding practice when it comes to storing/handling API keys and or passwords inside my code and or scripts. I want to minimize the chances of giving the bad guys the keys to the kingdom. With that being said, in a previous job that I had, there was a password management application that we used that provided a webservice that used Integrated Windows Authentication that we would call using its REST API for creds instead of a user name and password. Simply put, if the system in which the code ran on, had a valid windows service account and a valid account on the password management server, it worked rather well. This was used in our dev environments for our in-house applications and for our scripts. Unfortunately in my current environment, I don't have that luxury and wanted to pick the forums mind to see if I could get a different perspective on this or to tell me that I am crazy