Development Linux Security Python

Python getpass module

We all keep secrets, don’t we? Even our programs do. The important thing about secrets is that we must keep them safely and secretly hidden from entities who should not have access to these secret keys, pass-phrases or password which will allow users to do something they aren’t authorized to do. Same care needs to be taken when we accept secret keys, pass-phrases or password from users in our programs like the secret String should not be echoed when we type them on the screen. The Python getpass module allows us to do this efficiently.

Python getpass module

Using Python getpass module, it is possible to accept passwords in Python programs and keep the passphrases safe. We will see examples of keeping passwords safe and also how we can stream passwords from the terminal to text files. Let’s get started with some examples.

Python getpass basic example

In this example we will start with a very basic example of how we can make a user enter a password in the terminal and make sure that the password is not echoed back to the command prompt. Here is the same program:

import getpass

try:
password = getpass.getpass()
except Exception as ex:
print('Error Occured : ', ex)
else:
print('Entered password :', password)

Here is what we get back with this command:

Get password secret

Get password secret

The string password is the default prompt which is presented by the python script. In the next example will be customising that to something we will like to use in our programs.

Python getpass with custom prompt

In this example we will customise the prompt which is shown to the user when Python asks for a secret phrase:

import getpass

pwd = getpass.getpass(prompt = 'Which is best Ubuntu island to visit?')
if pwd == 'LinuxHint':
print('Ofcourse!')
else:
print('Where is that?')

Let’s see the output for this command:

Custom prompt to get Password

Custom prompt to get Password

This command is useful when you want to ask for some passphrases apart from password strings.

Stream password to another streaml

The getpass module allows us to stream the password a user enters to some other streams like a file, logs or anything which can be represented as a stream actually. We just need to pass the stream to the function itself:

import getpass
import sys

pwd = getpass.getpass(stream=sys.stderr)
print('Entered Password: ', pwd)

Here is what we get back with this command:

Streaming password to other streams

Streaming password to other streams

Getting passwords without Terminal

The Python getpass module needs tty which can be controlled by a termios. This is applicable when we are working with some Unix based systems. With this, echoing can be disabled. When we execute the following example on a non-Unix machine:

echo "not dark" | python3 getpass_defaults.py

Here is what we get back with this command:

termios command

termios command

As we ran the script on a non-Unix machine, the output String was what we entered. Otherwise, we would have simply seen not dark String as output on the terminal.

Read more about teletype terminals here.

Conclusion

In this lesson, we looked at how we can make use of Python getpass module to manage secret passphrases efficiently in our Python programs.

About the author

Shubham Aggarwal

Shubham Aggarwal

I’m a Java EE Engineer with about 4 years of experience in building quality products. I have excellent problem-solving skills in Spring Boot, Hibernate ORM, AWS, Git, Python and I am an emerging Data Scientist.