I have made a tkinter desktop application and I have a table named auth with a single row which contains sensitive API credentials. My thought is to encrypt this table using pysqlcipher (link) or equivalent.
According to the documentation, you have to pass the PRAGMA key before doing any operation. If someone decompiled an .exe build of my app, couldn't they just find this key in the source code and then decrypt the database from there? If so, what's a common solution for protecting sensitive API credentials in a desktop app?
from pysqlcipher import dbapi2 as sqlite
conn = sqlite.connect('test.db')
c = conn.cursor()
c.execute("PRAGMA key='test'")
c.execute('''create table stocks (date text, trans text, symbol text, qty real, price real)''')
c.execute("""insert into stocks values ('2006-01-05','BUY','RHAT',100,35.14)""")
conn.commit()
c.close()
My sqlite table structure:
db.sqlite
|__ profiles
|__ auth
|__ tables
Disclaimer: I am no security or encryption expert but I am very willing to explore and learn all options.