Environment variables which are passwords

Hi There,

I don't want to store sensitive information (like passwords) in my code.  On production we store the environment variables which contain these passwords.  They are located in a protected area and all is well.

When you start putting these variables into PyCharms configurations then you have them stored in flat files.  It's worse when you "share" the config b/c then you are effectively negating the whole purpose as these are plain text.  Less concerning is that for each configuration these variables are repeated over and over.  This means of course, for each configuration you will have your password replicated n times the number of configurations.

The question is how should this be handled?  I thought that "Include Parent Environment Variables" would solve this but I can't figure out what is the parent is - assuming this means the parent process?  If so then you're still out of luck as Mac has removed the user defined MacOS Environment plist.

Anyway does anyone have a clean way to use sensitive variables in PyCharm?
Note that even though environment.plist was removed, it's still possible to define environment variables global to all processes:
Hi Dmitry,

Your right that you can define global environment variables.  But I don't believe you're advocating putting sensitive variables in a global script which is seen by all local users, are you?

Please sign in to leave a comment.