I'm building a Dash app using the basic authentication dash_auth. Unfortunately, this requires to hardcode a dictionary of usernames and passwords. This is not a huge problem since the app is only for in house use.

Now we would like to deploy this to Heroku by automatically tracking one branch of the GitHub repo because this seems most convenient. The problem is that this would require us to put the hardcoded passwords in the Github repository as well.

This post suggested using environment variables for tokens and client keys but how should I do this for dictionaries of passwords?

I'm open to alternative solutions as well.

Thanks

CodePudding user response：

Nothing really changes when doing this with a dictionary. You just need to parse the JSON string into a Python data structure.

In your application, instead of hard-coding the dictionary as shown in the documentation:

VALID_USERNAME_PASSWORD_PAIRS = {
    'hello': 'world'
}

pull it in from the environment, e.g. something like this:

import json
import os


VALID_USERNAME_PASSWORD_PAIRS = json.loads(os.getenv("VALID_USERNAME_PASSWORD_PAIRS"))

Then set your usernames as Heroku config vars:

heroku config:set VALID_USERNAME_PASSWORD_PAIRS='{"hello": "world"}'

The single quotes here should avoid most issues with special characters being interpreted by your shell.

For local development you can set a VALID_USERNAME_PASSWORD_PAIRS environment variable, e.g. via a .env file if you are using tooling that understands that.

Another option for local development would be to hard-code just a default value into your script by adding a default argument:

VALID_USERNAME_PASSWORD_PAIRS = json.loads(
    os.getenv("VALID_USERNAME_PASSWORD_PAIRS", default='{"local": "default"}')
)

Note that we give default a string here, not a dict, since we're passing the result into json.loads().

Be careful with this last option since you could accidentally publish the code without setting the environment variable, in which case the local default credentials would work.