Replies: 2 comments
-
The username and password should not be used as this has full control over your github account. Compromising these credentials could lead to loss of your account. Better create a token with minimal scope / permissions and use that. However, any credentials (password or token) could be stored in a file that is permissioned for your user only. Store this file our side your code, so you don't accidentally commit this to a repository. Then read this in Python as follows:
|
Beta Was this translation helpful? Give feedback.
-
For posterity, another way of doing this is using a Instantiating the class would then look like this: from dotenv import dotenv_values
from github import Auth, Github
auth_token = dotenv_values()["GITHUB_API_TOKEN"]
if auth_token is None:
raise RuntimeError("Unable to authenticate to GitHub!")
github_api = Github(auth=Auth.Token(auth_token)) Along with an appropriate GITHUB_API_TOKEN=<your_secret_token_here> |
Beta Was this translation helpful? Give feedback.
-
I want to use PyGithub to generate some statistics about specifics project where I am one of the owners/maintainers.
Do I have to authenticate via PyGithub to get the data (e.g. Issues)? If I would use the browser I can "read" the Issue list with my eyes of every public repo without being logged in. So where is the difference?
If I have to authenticate...
It is clear (to me) that I can not hard code a password or any other credential into the python code. So what can I do?
What is an alternative? I don't see a difference between password and access token. The letter is also a string I have to "remember" or store somewhere.
How can I solve this without compromising my security?
Beta Was this translation helpful? Give feedback.
All reactions