I am looking for a command or SDK, such as Python, to generate a new personal access token (PAT) in GitHub, but I didn't see any API for it.
https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token
All the documentation is about logging in to GitHub from the website and generating it manually.
Is there any automated way?
Unfortunately, this isn't something that can be done completely programmatically. Creating PATs requires sudo mode on GitHub, which prompts the user to authenticate.
The best you can do is use a command to prefill parts of the creation of a PAT (scopes, description, etc.). This isn't currently a feature of any Python package, though something similar exists in this R package: https://usethis.r-lib.org/reference/github-token.html
I have a Python script that accesses Google Cloud Platform. I also set up the service account: I can request and save the JSON file through the cloud console webpage after I log in to my Google account, and set GOOGLE_APPLICATION_CREDENTIALS to that JSON file, so the Python script can have access.
Now I want to share it with others. I have a requirements.txt for the Python script to install the gcloud-api library, but I don't want to force others to install gcloud-sdk. And I don't want to share that JSON file with others. I would like to let others run the script, and if that JSON credential file is not found, the script will ask them to:
login gcloud
generate and save json credential, e.g., to a default directory
sets GOOGLE_APPLICATION_CREDENTIALS to that json file
All the steps should preferably be done without a browser. Is there a way to use Python to do such a thing? I did some research and googling but no luck.
I believe I can do this anyway by having Python invoke curl or by using requests, but I just wonder if there is a simpler way to do this.
UPDATE
Thanks for the comments, but I just want to release a Python script file to others.
I read through the service account and the work identity federation; I don't have the infra to set up an identity provider. I believe that, based on my reading and the comments, if I want to use something like OAuth, I need to register my script as a client on Google. I am not sure if this is feasible or considered good practice...
I have a Python script for some automation that contains a username and password.
This script is triggered in an Azure pipeline on GitHub.
But the idea of pushing credentials to GitHub is not good, so I would like to store those credentials in a variable so they can be used by the script when the pipeline triggers.
Just to make the example clear, the Python script holding the credentials looks like this:
wait.until(EC.element_to_be_clickable((By.CSS_SELECTOR, "div[class$='visible-lg'] input#signInFormUsername"))).send_keys('<USERNAME>')
wait.until(EC.element_to_be_clickable((By.CSS_SELECTOR, "div[class$='visible-lg'] input#signInFormPassword"))).send_keys('<PASSWORD>')
Those are the 2 important values that I would like to remove from my plain script and store in an env variable, so that when the pipeline triggers the Python script, it will know from where to fetch those credentials.
Can anyone advise on the best practice for this kind of scenario?
Thank you very much and if you need more info just let me know
I highly recommend GitHub secrets. From the documentation:
Secrets are encrypted environment variables that you create in an organization, repository, or repository environment. The secrets that you create are available to use in GitHub Actions workflows. GitHub uses a libsodium sealed box to help ensure that secrets are encrypted before they reach GitHub and remain encrypted until you use them in a workflow.
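The script's side of this, as an added example that is not part of the original answer: it assumes the pipeline maps the two secrets into environment variables named SIGNIN_USERNAME and SIGNIN_PASSWORD (hypothetical names), and it fails closed when a secret did not arrive instead of typing an empty or placeholder value into the login form.

```python
import os
from dataclasses import dataclass, field


class MissingSecret(RuntimeError):
    """Raised when a required credential was not provided by the pipeline."""


@dataclass(frozen=True)
class Credentials:
    username: str
    # repr=False keeps the password out of repr(), logs and tracebacks.
    password: str = field(repr=False)


def load_credentials(env=None,
                     user_var="SIGNIN_USERNAME",   # hypothetical variable name
                     pass_var="SIGNIN_PASSWORD"):  # hypothetical variable name
    """Read both credentials from the environment, refusing unusable values."""
    env = os.environ if env is None else env
    values = {}
    for name in (user_var, pass_var):
        value = env.get(name, "")
        # GitHub Actions hands an undefined secret to the job as an empty
        # string, so an empty value is treated the same as a missing one.
        if not value.strip():
            raise MissingSecret(f"{name} is not set or is empty")
        # Azure Pipelines leaves an undefined macro as the literal "$(NAME)".
        if value.startswith("$(") and value.endswith(")"):
            raise MissingSecret(f"{name} was not expanded by the pipeline")
        values[name] = value
    return Credentials(values[user_var], values[pass_var])


# In the Selenium script the literals are then replaced with, for example:
#   creds = load_credentials()
#   ...send_keys(creds.username)
#   ...send_keys(creds.password)
```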
I am looking for a way to clone a remote private git repository locally via Python. Git, i.e. not specific to a version control provider. Ideally I am looking to establish a connection with the remote repo (provider) using the credentials and then clone (emulate what would happen through bash) or just download the repo. This needs to happen via the Python script though. The credentials would be provided to the script as encoded arguments on console execution.
Everything I have tried so far seems to have a quirk that does not solve the issue entirely.
This post seems to solve the issue of cloning a public repo (GitPython): https://stackoverflow.com/a/2472616/6599916
Searching through Stack Overflow and the GitPython documentation, I haven't found a way to set authentication credentials through the GitPython library though. If anyone has implemented this, it would be greatly appreciated.
Furthermore, in the past, I have implemented a version of this with a user prompt, but only for GitHub, by employing requests to authenticate and then download the zip file of the remote repo. I can still use this, just for GitHub.
remoteReply = requests.get(remURL, timeout=20, auth=credentials)
Also, I tried this: https://github.community/t5/How-to-use-Git-and-GitHub/Clone-private-repo/td-p/12616
which is still just for GitHub. I would have tried a GitLab implementation, but this yields errors when the user password contains special characters like #. Is there a way to resolve this?
Finally, an implementation via the APIs of version control providers would be feasible if there existed a way to authenticate via username and password. All info regarding my issue circles around using SHA or tokens, which are not a solution in my case.
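The failure with `#` in the password described above comes from URL parsing: an unencoded `#` starts the URL fragment, so everything after it is no longer part of the credentials or host. The following is an added example, not part of the original post, that percent-encodes the userinfo for any HTTPS git remote and produces a credential-free form for logging; the host and credentials used with it are constructed.

```python
from urllib.parse import quote, urlsplit, urlunsplit


def authenticated_url(repo_url, username, password):
    """Return repo_url with percent-encoded credentials in the userinfo part."""
    parts = urlsplit(repo_url)
    if parts.scheme != "https":
        raise ValueError("refusing to embed credentials in a non-HTTPS URL")
    if parts.username or parts.password:
        raise ValueError("URL already carries credentials")
    # safe='' encodes every reserved character, including '#', '@', ':' and '/'.
    userinfo = f"{quote(username, safe='')}:{quote(password, safe='')}"
    return urlunsplit((parts.scheme, f"{userinfo}@{parts.netloc}",
                       parts.path, parts.query, parts.fragment))


def redact(url):
    """Strip the userinfo so the URL can be logged or shown in an error."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.port:
        host += f":{parts.port}"
    return urlunsplit((parts.scheme, host, parts.path,
                       parts.query, parts.fragment))


# Typical use with GitPython (Repo.clone_from takes the URL and a target path):
#   url = authenticated_url("https://gitlab.example.com/group/repo.git", u, p)
#   git.Repo.clone_from(url, "repo")
#   log.info("cloned %s", redact(url))
```

A URL built this way is written to `.git/config` as the remote URL after the clone, so the clone directory has to be protected like the password itself.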
I have built a web platform with Django. Users with Staff status can log into Django-admin through their web browsers and add, remove or alter different objects, upload files, etc.
Now I want to build a command line tool to enable users to do these tasks via the command line. The users need to authenticate on the command line, and then use different commands to perform their target operation.
Think of a command line git client for GitHub.
Of course it's possible to authenticate and send form data using request or cURL. But is there any standard, better way of doing this? Is there any utility/library for this, maybe a Django/Python one?
This looks like a '2-component' thing.
API
You will have to expose the desired functionality via a (RESTful) API.
Two common and very good libraries are tastypie and Django REST Framework.
They help you build APIs in a fast and flexible way - think of it as 'Django admin' for APIs.
Client
For request handling I would suggest having a look at the python-requests library.
PS:
If you're interested - we did build a (quick, ugly, dirty & buggy) Python client that interacts with our Django-based service platform. You can find it on GitHub
I am starting to develop a Django application on a shared web hosting server (alwaysdata.com).
I would like to understand what packaging options are available to package a Django application (preferably in compiled form).
I would like to set up the source code repository on my system, build using the Python packaging, and deploy the package on alwaysdata.com.
I would like the option of not having to share the source code on alwaysdata.com.
Looking at pip, I am not able to find this option.
EDIT
A few more clarifications: I would need the ability to not share the source code since it contains the "API secret key", which I would not want to compromise. The more I look into it, the more I believe that there is no way for me to distribute a binary-only distribution.
I've found fabric to be a pretty nice tool for deploying Django projects. To compile your Python code you can use compileall:
python -m compileall <dir>
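What compiled output means for the "API secret key" concern in the question, as an added example that is not part of the original answer: string constants are stored unchanged in the `.pyc` file, so a key assigned in source can be read back from the bytecode with the standard library alone. The sample settings module and its values are constructed.

```python
import marshal
import os
import py_compile
import tempfile
import types

# Constructed sample source standing in for a settings module.
SAMPLE_SETTINGS = (
    'API_SECRET_KEY = "constructed-demo-key-0000"\n'
    "\n"
    "def sign(msg):\n"
    '    salt = "constructed-salt"\n'
    "    return msg + salt\n"
)


def string_constants(code):
    """Collect string constants from a code object and its nested functions."""
    found = []
    for const in code.co_consts:
        if isinstance(const, str):
            found.append(const)
        elif isinstance(const, types.CodeType):
            found.extend(string_constants(const))
    return found


def strings_in_pyc(pyc_path):
    """Load a .pyc and return every string constant it contains."""
    with open(pyc_path, "rb") as fh:
        fh.read(16)  # skip the 16-byte header used by Python 3.7+
        return string_constants(marshal.load(fh))


def compile_and_inspect(source=SAMPLE_SETTINGS):
    """Compile source as compileall would, then list strings in the result."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "settings.py")
        with open(src, "w") as fh:
            fh.write(source)
        pyc = py_compile.compile(src, cfile=os.path.join(tmp, "settings.pyc"),
                                 doraise=True)
        return strings_in_pyc(pyc)
```

Running `strings_in_pyc` over a deployment's own `.pyc` files shows which literals would be exposed to anyone who can read them; keeping the key out of the code and supplying it at runtime avoids the problem.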
How is this API key used? Is it a Google Maps API? Is it provided in scripts that go to the browser? If so, it's already out in the open, anyone using your site will see it, so you're trying to provide a $100 lock for a $0.01 piece of information. If it's a Google Maps API, it's not secured by keeping it hidden, but rather it's tied to a domain/directory (IIRC).
Can you share a little more about what the API key is and what it is for? Then maybe we can help you find a better solution to keep it secure.
Do you think you have to share your source code if you host your application on a 'shared hosting' provider? That's not the case. Your source code should still be private to you but the administrators of your hosting provider can get it too. Other normal Joe Users of the service shouldn't have access to your source code, or your database too. If they do, then get another shared hosting provider!