Dash-auth package - storing credentials securely

Hi,

I’m creating a dashboard that I want to put live on Heroku and I want the end user to have to log in.

I want to ensure that the username and password details are being stored securely when the dashboard is live. The documentation on authentication (Basic Auth) simply says “# Keep this out of source code repository - save in a file or a database” but doesn’t really give any detail on how this is done.

I’ve read the linked article on HTTP authentication so I’m assuming I put the credentials in a .htpasswd file and then reference this file with a .htaccess file.

My questions are:

  • Is this the right way to safely store login credentials for Dash applications?
  • If it is, then do I just store the .ht files in the app folder?

It seems a bit strange that I should supply the path to the .htpasswd file from the .htaccess file if they’re both in the same folder, but I’m not from a developer background so I don’t know if this is standard procedure or not.

Any help would be appreciated.
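
An added example, not part of the original post and not code from the dash-auth project: one way to follow the documentation's "keep this out of source code repository" advice is to read the username/password pairs for `dash_auth.BasicAuth` from an environment variable at startup. The variable name `DASH_AUTH_USERS` and its JSON format are assumptions made for this sketch; on Heroku the value would be set as a config var rather than committed with the app.

```python
import json
import os

ENV_VAR = "DASH_AUTH_USERS"  # hypothetical variable name, e.g. a Heroku config var


def load_credential_pairs(environ=os.environ, var=ENV_VAR):
    """Return {username: password} parsed from a JSON object in `var`.

    Fails closed: any problem raises, so the app never starts unprotected.
    Error messages never include the raw value, which would leak into logs.
    """
    raw = environ.get(var)
    if not raw:
        raise RuntimeError(f"{var} is not set; refusing to start without credentials")
    try:
        pairs = json.loads(raw)
    except json.JSONDecodeError:
        raise RuntimeError(f"{var} does not contain valid JSON") from None
    if not isinstance(pairs, dict) or not pairs:
        raise RuntimeError(f"{var} must be a non-empty JSON object")
    for user, password in pairs.items():
        if not user or not isinstance(password, str) or not password:
            raise RuntimeError(f"{var} has an empty or non-string entry")
        if ":" in user:
            # Basic Auth sends "user:password", so a colon in the name is ambiguous.
            raise RuntimeError(f"{var} has a username containing ':'")
    return pairs


def create_app():
    # Imported here so the loader above can be tested without Dash installed.
    import dash
    import dash_auth
    from dash import html

    app = dash.Dash(__name__)
    dash_auth.BasicAuth(app, load_credential_pairs())
    app.layout = html.Div("Protected dashboard")
    return app


if __name__ == "__main__":
    create_app().run(debug=False)
```

`BasicAuth` checks the pairs inside the Python process that serves the dashboard, so no `.htaccess` or `.htpasswd` file is involved in this setup.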