[GIS] Secure credentials for scheduled Python script targeting ArcSDE 10.1 on AWS

amazon-web-services arcgis-10.1 enterprise-geodatabase python security

I have a Python script that will be used as a scheduled task. Our DBA team wants the credentials to be as secure as possible. My suggestion is to use the OS security system to lock down a folder. This doesn't seem to be enough. Another idea is to encrypt a plain text file then un-encrypt it at runtime…

as described here
https://stackoverflow.com/questions/12042724/securely-storing-passwords-for-use-in-python-script

I don't understand where the secure key would reside.

I had a look at this on gis.se but it doesn't seem to be secure:
"Good practices for storing connection info while deploying geoprocessing tool on Server"

Another idea I've seen is to build the script as an exe but it seems like this can be reverted to the actual script. Same with importing a pyc file that has the credentials.

I have access to Visual Studio and can write C# code well enough if this would help. Maybe the whole thing in C#, but my ArcObjects skills may not be up to snuff for the cost/benefit for how much time it may take me.

Any ideas are welcome. Maybe this is more of a wiki…not sure. Thanks.

Best Answer

If you are using arcpy functions in Python to connect to your SDE instance, then you could create an SDE connection file with OS authentication. This SDE file does not store any credentials but uses the credentials of the executing user. Then you can set up the scheduled task to run as a user with the correct DBA credentials. Windows Task Scheduler will need to store some credentials in order to run the scheduled task when you are not logged in. This would only require the DBA team to trust MS Windows to secure the credentials.
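
The approach in the answer above, sketched as an added example (not code from the question or the answer): it creates an OS-authenticated connection file with `arcpy.CreateDatabaseConnection_management` and refuses to run under any account other than the one the scheduled task is meant to use. The account name, DBMS platform, instance and database below are assumed placeholders.

```python
import getpass
import os

# Assumed values for illustration; none of these come from the original post.
EXPECTED_ACCOUNT = "svc_gis_etl"        # hypothetical account the scheduled task runs as
PLATFORM = "SQL_SERVER"                 # assumed DBMS behind ArcSDE
INSTANCE = "sde-host.example.internal"  # placeholder instance name
DATABASE = "gisdata"                    # placeholder database name


def os_auth_args(out_folder, out_name, platform, instance, database):
    """Positional arguments for CreateDatabaseConnection_management with OS auth.

    Username and password are skipped ("#"), so the .sde file holds no secret.
    """
    return [out_folder, out_name, platform, instance,
            "OPERATING_SYSTEM_AUTH", "#", "#", "DO_NOT_SAVE_USERNAME", database]


def check_run_as(expected, actual=None):
    """Fail fast if the task is not running as the account the DBAs granted."""
    actual = getpass.getuser() if actual is None else actual
    # The name may arrive as DOMAIN\user; Windows account names are case-insensitive.
    if actual.split("\\")[-1].lower() != expected.lower():
        raise RuntimeError("running as %r, expected %r" % (actual, expected))
    return True


def create_connection(out_folder, out_name="etl_osauth.sde"):
    """Create the connection file and return its path."""
    import arcpy  # imported here so the helpers above work without ArcGIS installed
    check_run_as(EXPECTED_ACCOUNT)
    arcpy.CreateDatabaseConnection_management(
        *os_auth_args(out_folder, out_name, PLATFORM, INSTANCE, DATABASE))
    return os.path.join(out_folder, out_name)


if __name__ == "__main__":
    print(create_connection(os.environ.get("TEMP", ".")))
```

The only stored secret is then the task's run-as password held by Windows Task Scheduler, and the database login is whatever the DBA team grants to that one Windows account.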