This method is only suitable if you’re running in a desktop environment, such as macOS, Windows, or Linux (GNOME). If you’re not running in a desktop environment, for example, a remote SSH terminal or cron job, please see https://tuftswork.atlassian.net/wiki/spaces/ESPTS/pages/640253962/Storing+Secrets#If-you-are-running-without-a-desktop
If desired, create a Python virtual environment, and activate it. For example:
...
```
$ python setsecret.py
Set secret!
$ python getsecret.py
Got secret mysecret
```
If you are running on a desktop system, such as your Mac, Windows, or Linux GNOME laptop, it should work, and it securely stores your secret using your user keyring, which is locked by your login session. But if you are running on a remote system via ssh, a headless service account, or a cron job, you may get the following error message; if you do, most likely you’re not running in a supported desktop environment. Don’t use keyrings.alt. Instead, use a supported backend (follow the link in the error message), or use the method from https://tuftswork.atlassian.net/wiki/spaces/ESPTS/pages/640253962/Storing+Secrets#If-you-are-running-without-a-desktop
```
keyring.errors.NoKeyringError: No recommended backend was available. Install a recommended 3rd party backend package; or, install the keyrings.alt package if you want to use the non-recommended backends. See https://pypi.org/project/keyring for details.
```
The solution is to install the alternative keyring module. This module stores an encrypted keystore on disk, but it also stores the decryption key right next to it. This is why it’s “non-recommended.” But it’s still a huge improvement over having secrets in your code, or stored plaintext on disk, because it shelters your secret from accidental publishing in git push, and it obsessively sets private filesystem permissions on the keystore, so a breach is only possible if an attacker gains access to the storage, bypassing the filesystem permissions, or if the user account itself is compromised:
```
pip install keyrings.alt
```
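To confirm which backend is actually holding your secret (the login-session keyring, a keyrings.alt file store, or nothing at all), a script can inspect the active backend before reading or writing. This is an added example, not code from the original page; the function names `classify_backend` and `require_os_keyring` are hypothetical, and it assumes any backend outside `keyrings.alt` and the built-in fail backend is a supported one.

```python
import sys


def classify_backend(backend):
    """Return 'recommended', 'alt' or 'none' for a keyring backend object."""
    module = type(backend).__module__
    if module.startswith("keyring.backends.fail"):
        return "none"  # the backend that raises NoKeyringError on use
    if module.startswith("keyrings.alt"):
        return "alt"  # file-based store from the keyrings.alt package
    if module.startswith("keyring.backends.chainer"):
        # The chainer wraps several backends; treat it as 'alt' if any
        # member is file-based, since a secret could be served from there.
        kinds = {classify_backend(b) for b in backend.backends}
        if "alt" in kinds:
            return "alt"
        return "recommended" if "recommended" in kinds else "none"
    # Assumption: anything else is an OS keyring or a supported 3rd party one.
    return "recommended"


def require_os_keyring():
    """Return the active backend, or raise if it is not a supported keyring."""
    import keyring  # third-party: pip install keyring

    backend = keyring.get_keyring()
    kind = classify_backend(backend)
    if kind == "none":
        raise RuntimeError("no keyring backend available (headless session?)")
    if kind == "alt":
        raise RuntimeError(
            "keyrings.alt backend active: %s" % type(backend).__name__
        )
    return backend


if __name__ == "__main__":
    try:
        active = require_os_keyring()
    except RuntimeError as exc:
        sys.exit("refusing to read or write secrets: %s" % exc)
    print("using", type(active).__module__)
```

Run it in the same environment (same user, same virtual environment, same ssh or cron context) as the script that reads the secret, since backend selection depends on the session.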