Best way to load password at startup.

[hiro]

I connect to an external DB in one of my models:

my_model.db:

my_db = DAL(

    'postgres://user:password@url/database',

    pool_size=20,

    after_connection=lambda self: self.execute('set search_path to my_schema, other_schema, public; set statement_timeout to 60000;'),

    migrate=False

)

Now we are planning to adding the project to a git repository and I would now like to store our password there. 

I though about just creating the connection string by reading the .pgpass file. It will probably work but it seems unnecessary to read .pgpass every request. What is the best way to load the password at startup but not all other requests? Maybe just create in if statement?

[Niphlod]

use an environmental variable or a configuration file that you'll have in private/ but won't commit to git. For the latter solution, the current scaffolding uses a new module, named appconfig.

[Gary Cowell]

For one of my apps, I added extra fields to auth to hold some Amazon AWS credentials for the logged in user.

This means that I can access the required API keys when logged in , but because it's part of the database, it doesn't get committed to source control.

For accessing external database legacy database in another app, my web2py app was using postgresql, but I needed to access some tables in a legacy Oracle database.

So, I stored the location and access credentials in a table in postgres, and used those when opening the DAL for the legacy Oracle system.

Interesting to see if there's a canonical or best way to do this. Environmental variables, config files, database tables, all have weaknesses if used to store credentials.