Find a better way to store the password in package_search.py

[pleia2]

In production, it's recommended to use something like our https://github.com/openmainframeproject/software-discovery-tool-deploy system which updates the production tool with every commit so that the tool automatically stays up to date.

Today it doesn't quite work because changes have to be made to src/classes/package_search.py to add the read-only MariaDB password for the web UI to query. This results in an error when running git pull to keep the rest of the code up to date.

"Edit line 14 of a script" isn't the best way to store secrets anyway 😄 so let's come up with a better way of storing this password that doesn't require editing this file. If the file stays pristine, we won't have the git pull error!

[duckling69]

Hey @pleia2 I'd like to work on this issue

[pleia2]

@duckling69 Great! Let's discuss here a proposal for how you'd like to solve this, what are your thoughts?

[hbarsaiyan]

We can create a .env file in the root directory and add it to .gitignore. We use python-dotenv to read the password as PASSWORD = os.environ.get('DB_PASSWORD').

[pleia2]

We can create a .env file in the root directory and add it to .gitignore. We use python-dotenv to read the password as PASSWORD = os.environ.get('DB_PASSWORD').

Good idea! Let's move forward with this solution 👍

[duckling69]

I was thinking of using something like TOML file to store config variables as it has structured data storage, data types and validation and is less likely to throw an error in future // @pleia2