Inputting secrets in a form in a deployed app

On a cloud shared app, if a user inputs their username/key etc into a form, in order to access an API, is this secure/ acceptable practice?

I can use secret management, but I am looking for ways other users can access their data without my input. Thanks.

HI @littlefield,

Nice to see you on the forum again! :wave:

So a few things to hopefully help you:

  • forms hold the data in memory so from a security point of view it’s not too bad
  • setting this up via secrets but using a single sign-on (single username and password that you hand out to all your app users) for all the people logging in is an option depending on how and what your trying to achieve
  • if you are looking for more than this, or these options aren’t appealing to you, then the best option might be to upgrade the tier you’re on (you can find out plan info here). If you have questions you can DM me and I can put you in touch with someone who can give you more info!

Hopefully, this is helpful!

Happy Streamlit-ing

Thanks @Marisa_Smith! Thanks for the info on forms. My plan is to have users enter details, which carries out a POST request to an API, which provides details which will allow subsequent future logins via text input of those details. It’s not hugely sensitive but it would be good to have some reassurance that this is sensible/ users cannot see each other’s data.
The login idea is a good one, and I’ll probably end up doing that.

1 Like