Gents,
I am in the process of creating a Python program that will use an API-Key to access a REST API on a particular website to perform certain actions. I do not want to store this API-Key inside the program as it would be insecure. My thinking is to prompt the user for the API-Key before the program executes as in:
Code:
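import requests
from cryptography.fernet import Fernet
# Generate a throwaway Fernet key for this run and wrap it in a cipher object
key = Fernet.generate_key()
priv_key = Fernet(key)
# input() takes a str prompt and returns a str; encode it to bytes for Fernet
cap = input("Please Provide your API-Key: ").encode()
enc_input = priv_key.encrypt(cap)
base_vt = "https://www.blahblahblah.com/v3/"
req_head = {'User-Agent': 'Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko'}
# requests.Session() creates the persistent session (requests.sessions is a module, not a callable)
vt_persist = requests.Session()
vt_persist.headers.update(req_head)
# The API-Key is decrypted again and appended to the URL for the request
get_real_goodies = vt_persist.get(base_vt + priv_key.decrypt(enc_input).decode())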
Looking at this from a security perspective, I see many holes in my logic and wanted some feedback from the Linux Gods.
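An added example, not part of the original post: one way to take the key at run time (environment variable, else a no-echo prompt) and carry it in a request header instead of the URL, with the request prepared but not sent so the result can be inspected. The header name `x-apikey`, the variable `EXAMPLE_API_KEY`, the `files` path and the helper names are assumptions for illustration; the real API's documentation decides how the key must be sent.

```python
import getpass
import os

import requests

BASE_URL = "https://www.blahblahblah.com/v3/"  # placeholder host from the post
KEY_HEADER = "x-apikey"            # assumed header name; check the API's docs
KEY_ENV_VAR = "EXAMPLE_API_KEY"    # hypothetical environment variable name


def load_api_key(env_var=KEY_ENV_VAR):
    """Return the key from the environment, else prompt without echoing it."""
    key = os.environ.get(env_var, "").strip()
    if not key:
        key = getpass.getpass("API key: ").strip()
    if not key:
        raise ValueError("no API key supplied")
    return key


def build_session(api_key):
    """Session that carries the key in a header on every request."""
    session = requests.Session()
    session.headers[KEY_HEADER] = api_key
    return session


def prepare(session, path):
    """Prepare (but do not send) a GET so its URL and headers can be inspected."""
    req = requests.Request("GET", BASE_URL + path.lstrip("/"))
    return session.prepare_request(req)


def redact(text, api_key):
    """Mask the key before text reaches logs or error messages."""
    return text.replace(api_key, api_key[:4] + "...[redacted]")


if __name__ == "__main__":
    key = load_api_key()
    with build_session(key) as s:
        p = prepare(s, "files")  # "files" is a hypothetical resource path
        print(p.url)                               # URL contains no key material
        print(redact(str(dict(p.headers)), key))   # headers with the key masked
```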