API credential key: security audit

I have an API that sends data to another system. I got a concern and a refusal from the security team about keeping the credential in my code or storing it in the database.

Even when I proposed to them keeping it in an OS variable, they refused because anyone can get it from our code?

So, the API is on hold now. What are your best practices for this situation?

I recommend placing secrets in a JSON file in Ignition's main install folder (outside the data/ subfolder). That will exclude it from gateway backups. Set permissions on the file so only the Ignition service user can read the file.

In a project library script, read the file and decode it into a Python top-level variable. Other functions in that script will be able to retrieve the secrets as needed.

In your dev environment, place a file with testing credentials in the same place.

2 Likes
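The approach in the answer above, sketched as a project library script. This is an added example, not code from the original post or from Ignition itself; the file path, the `SecretsError` class and the function names are assumptions, and the code uses only the standard library with syntax that runs on Python 2.7 as well as Python 3.

```python
import json
import os
import stat

# Assumed location for illustration: the install root, NOT under data/,
# so the file is left out of gateway backups.
SECRETS_PATH = "/usr/local/bin/ignition/secrets.json"

# Top-level variable holding decoded secrets, keyed by file path.
_cache = {}


class SecretsError(Exception):
    """Raised when the secrets file is unsafe, malformed or incomplete."""


def load_secrets(path=SECRETS_PATH, check_mode=True):
    """Decode the JSON secrets file, refusing loose POSIX permissions.

    On a Windows gateway the mode bits are not meaningful: restrict the
    file with NTFS ACLs instead and pass check_mode=False.
    """
    mode = os.stat(path).st_mode
    if check_mode and mode & (stat.S_IRWXG | stat.S_IRWXO):
        # Fail closed: the file must be readable by the service user only.
        raise SecretsError("%s is accessible to group/other" % path)
    with open(path, "r") as fh:
        data = json.load(fh)
    if not isinstance(data, dict):
        raise SecretsError("secrets file must contain a JSON object")
    return data


def get_secret(name, path=SECRETS_PATH):
    """Return one secret; the file is read once and then cached."""
    if path not in _cache:
        _cache[path] = load_secrets(path)
    try:
        return _cache[path][name]
    except KeyError:
        # Report the missing key name only, never any secret value.
        raise SecretsError("secret %r is not defined" % name)
```

Other functions in the same script call `get_secret("api_token")` when they build the outbound request, so the credential never appears in project resources or the database.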