Storing password in env var is insecure #2
Description
I'd like to store OPENSEARCH_HTTP_PASSWORD encrypted, but wildcard.hps would need to know how to decrypt it. Instead, maybe WildcardHPSCatalog.connection could be refactored so that the kwargs variable allows me to extend it somehow. Even just something like:
def get_connection_kwargs(self):
# the bulk of the old connection method would go here
return kwargs
def connection(self):
if self._conn is None:
kwargs = self.get_connection_kwargs()
self._conn = OpenSearch(hosts=self._get_hosts(), **kwargs)
return self._conn
That would allow me and others to keep a small monkey patch footprint with collective.monkeypatcher
def get_connection_kwargs(self):
kwargs = self._old_get_connection_kwargs()
# my stuff here - decrypt password with fernet key and set kwargs['http_auth']
return kwargs