Hi!
I’m going to deploy an app which requires pyrogram library on Streamlit Cloud.
pyrogram.Client uses api_id and api_hash to authorize and perform on Telegram API. More on this here: Authorization — Pyrogram Documentation
I’m a rookie to development of any apps and I’m very concerned about security in this particular case.
First, I have to place both my api_id and api_hash into my repository on GitHub or directly in the app directory on Streamlit Cloud. Does anyone have any suggestions on which way is better?
As far as I understand, my app folder on Streamlit is private, but my GitHub repository currently isn’t. Would it be possible for me to simply make my repo private and place the file with API access details there, or will placing it in the app folder on Streamlit be enough?
Though on the first run pyrogram.Client requires an authorization via my phone number, it creates a .session file to further perform API requests (to excess auth later on). I have no idea where it will create the file, because I only tried running my app on my local host. I can’t confirm whether .session will be created in my app directory, in the GitHub repo or on the server which my app is running at. If not on the server - how can I ensure that nobody can work with the API using my api_id and api_hash and .session files?
I hope that I made the problem clear. Btw, I’m not greedy to share, but pyrogram isn’t that fast in work with API, and any interference will be a huge slow down. Performance speed in the first place, u know)
Thanks to anyone in advance!
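
A check for the concern raised above, added here as an example (not part of the original post, and not Pyrogram or Streamlit code): it scans the files tracked in a repository for hard-coded api_id/api_hash values and for .session files. The name `find_leaks`, the regexes and the sample file names are hypothetical; it assumes credentials appear as simple assignments and that an api_hash is a 32-character hex string.

```python
import re
import tempfile
from pathlib import Path

# Assumptions: credentials look like `api_id = 12345` / `api_hash = "..."`
# (Python, TOML or INI style); an api_hash is a 32-character hex string.
API_HASH_RE = re.compile(r"""api_hash["']?\s*[=:]\s*["']?[0-9a-fA-F]{32}\b""")
API_ID_RE = re.compile(r"""api_id["']?\s*[=:]\s*["']?\d{4,}\b""")


def find_leaks(root, tracked):
    """Return sorted (path, line_no, kind) findings for tracked files.

    `tracked` holds paths relative to `root`, e.g. the output of
    `git ls-files`. line_no is 0 when the finding is the file itself.
    """
    findings = []
    for rel in tracked:
        # A .session file lets its holder skip the phone-number login,
        # so it must never be committed (SQLite may add a -journal file).
        if rel.endswith((".session", ".session-journal")):
            findings.append((rel, 0, "session-file"))
            continue
        try:
            text = (Path(root) / rel).read_text(encoding="utf-8", errors="ignore")
        except OSError:
            continue  # missing or unreadable file: nothing to scan
        for no, line in enumerate(text.splitlines(), 1):
            if API_HASH_RE.search(line):
                findings.append((rel, no, "api_hash"))
            if API_ID_RE.search(line):
                findings.append((rel, no, "api_id"))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample repository: one file reads the values from the
    # environment (not flagged), one hard-codes made-up values (flagged).
    with tempfile.TemporaryDirectory() as repo:
        Path(repo, "app.py").write_text(
            'import os\napi_id = int(os.environ["TG_API_ID"])\n'
            'api_hash = os.environ["TG_API_HASH"]\n')
        Path(repo, "config.py").write_text(
            'api_id = 1234567\napi_hash = "0123456789abcdef0123456789abcdef"\n')
        Path(repo, "my_account.session").write_bytes(b"SQLite format 3\x00")
        files = ["app.py", "config.py", "my_account.session"]
        for finding in find_leaks(repo, files):
            print(finding)
```

Run it against the list of tracked files before pushing; an empty result means none of the three items was found in the patterns it knows about.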