How to Encrypt and Decrypt application password using Python

There are scenarios when we are using application password in our code. This is completely an unethical practice. Password should be hidden.

Here I’ve used python (cryptography pkg ) to encrypt a password and later decrypt it for further use.

> pip install cryptography

Mostly, we have seen application passwords are not changing very frequently. Hence, have taken below approaches:

Place a simple txt file contains ONLY password string.

Now, as I said this password will not change very frequently, hence, we will read this file, encrypt the password and delete this using our 1st python script (encryptPWD.py). Also, this script will generate 2 different files one will contain encrypted password and other will have the random key which will be used to decrypt later.

Note: for simplicity I’ve created 2 different files one to store encrypted password and other to keep key. If you want you can save them in a single file and later read the same file in next module.

The final python script (decryptPWD.py) will read those 2 files (encrypted password and key) and then decrypt it for further use.

ote: the 1st python script will be executed only when we have a new application password in place. Where the 2nd script can be executed multiple times to decrypt the same password using the same key value. And most significantly there will be no file available that contains the actual password.

Refer to the below flow. It explains what we have discussed above :

SAMPLE CODE

  1. encryptPWD.py
# Description: This program will be executed only when we have a new password file.

from cryptography.fernet import Fernet
import os

### 1. read your password file
with open('pwd.txt') as f:
mypwd = ''.join(f.readlines())

### 2. generate key and write it in a file
key = Fernet.generate_key()
f = open("refKey.txt", "wb")
f.write(key)
f.close()

### 3. encrypt the password and write it in a file
refKey = Fernet(key)
mypwdbyt = bytes(mypwd, 'utf-8') # convert into byte
encryptedPWD = refKey.encrypt(mypwdbyt)
f = open("encryptedPWD.txt", "wb")
f.write(encryptedPWD)
f.close()
### 4. delete the password file
if os.path.exists("pwd.txt"):
os.remove("pwd.txt")
else:
print("File is not available")

OUTPUT:

2 files : Encrypted password and reference Key

2. decryptPWD.py

# Description: This program will read the key and encrypted pwd generated by GenerateEncryptedKey program. Can be executed multiple time.
from cryptography.fernet import Fernet

# read encrypted pwd and convert into byte
with open('encryptedPWD.txt') as f:
encpwd = ''.join(f.readlines())
encpwdbyt = bytes(encpwd, 'utf-8')
f.close()

# read key and convert into byte
with open('refKey.txt') as f:
refKey = ''.join(f.readlines())
refKeybyt = bytes(refKey, 'utf-8')
f.close()

# use the key and encrypt pwd
keytouse = Fernet(refKeybyt)
myPass = (keytouse.decrypt(encpwdbyt))
print("my password - ",myPass)

OUTPUT:

It’s a very straight forward process and can be used easily to hide password.

Happy reading!

Big Data Engineer and pySpark Developer