I am developing an application with Streamlit that requires users to input their email credentials, including a password. Given the sensitive nature of this information, I want to ensure that the password entered by the user is handled securely and not stored or logged anywhere within the app or the Streamlit framework.
The password is collected using st.text_input with type="password" to mask the input and is passed directly to the smtplib library to authenticate with an SMTP server for sending emails. My concern is whether Streamlit might store this sensitive input in any way, such as in session state, logs, or elsewhere, particularly when running in a production environment.
Could you please provide guidance or confirm the following:
Does Streamlit store the value of password fields in session state or any other server-side storage?
Are there any specific configurations or best practices I should follow to ensure that password inputs are not logged or cached by Streamlit?
I aim to maintain the highest security standards and ensure compliance with our company’s strict IT policies. Any insights or advice from the community or the Streamlit team would be greatly appreciated.
Yes, Streamlit stores the values of the widgets (including text_input with type=password) at least as long as they need to be rendered. Otherwise it wouldn’t know what the value of each widget is when the main script reruns.
Do you know if they are stored or logged in any temporary files or databases? And if it is in plain text? I just don’t know if Streamlit is secure enough for my organization and what could be a better alternative. I have not found documentation or forum discussions on this topic. Thank you!
Not by the streamlit code itself, as far as I know.
It is unlikely that some piece of software would qualify as “secure enough” for your organization just because its documentation or strangers on the internet say so. Consider seeking guidance from the experts in your organization.
You are right. Do you have any link to the documentation that explains how Streamlit handles these password fields? I have not found anything, but it would definitely be helpful to be able to bring it to my superiors. Thank you again.
The available user-oriented documentation is linked at the top of this forum. However, “how streamlit handles these password fields?” seems too broad to have an answer other than the code itself. Feel free to ask if you have a more focused question.
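An added example, not part of any post in this thread and not Streamlit's own code: one way to write the flow the question describes (a `st.text_input` with `type="password"` passed straight to `smtplib`) so that the app's own code never copies the password into session state, a cache, a log line or an error message. The names `send_mail`, `page` and `smtp_factory`, and the choice of port 587 with STARTTLS, are assumptions; the example does not change what Streamlit holds server-side for the widget while it is rendered, as the answer above notes.

```python
import smtplib
import ssl
from email.message import EmailMessage


def send_mail(host, port, user, password, to_addr, body, smtp_factory=smtplib.SMTP):
    """Send one message; the returned status string never contains the password."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = user, to_addr, "Message"
    msg.set_content(body)
    try:
        with smtp_factory(host, port, timeout=15) as smtp:
            # smtplib's debug level stays at its default of 0: set_debuglevel(1)
            # echoes the SMTP dialogue, including the AUTH exchange, to stderr.
            smtp.starttls(context=ssl.create_default_context())
            smtp.login(user, password)
            smtp.send_message(msg)
    except smtplib.SMTPAuthenticationError:
        return "authentication failed"
    except (smtplib.SMTPException, OSError) as exc:
        # Report the exception type only; exception text is not echoed to the page.
        return f"send failed: {type(exc).__name__}"
    return "sent"


def page():
    import streamlit as st  # lazy import: only needed under `streamlit run`

    # clear_on_submit resets the form's widgets to their defaults after submit.
    with st.form("mail", clear_on_submit=True):
        host = st.text_input("SMTP host")
        user = st.text_input("Email address")
        # The value lives in a local variable only; this code does not copy it
        # into st.session_state, a cache decorator, or a log call.
        password = st.text_input("Password", type="password")
        to_addr = st.text_input("Recipient")
        body = st.text_area("Message")
        submitted = st.form_submit_button("Send")
    if submitted:
        st.write(send_mail(host, 587, user, password, to_addr, body))


if __name__ == "__main__":  # Streamlit executes the script as __main__
    page()
```

The `smtp_factory` parameter exists so the send path can be exercised with a stand-in SMTP class and checked for leaks without a real mail server.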