Philip Dorrell, 2 June 2008

localenv: a mini-registry for Python programs

In the sample code for s3bucketmap and keevalbak I use a localenv module to define configuration options that cannot be included in published source code.

Although localenv is not an application in itself, I have published a sample skeleton implementation with accompanying instructions and explanation at http://github.com/pdorrell/localenv.

Security Issues

There are potential security issues in defining a standard location to store things like Amazon S3 secret access keys.

Whether or not these constitute a problem I leave up to the user to decide. Future versions may address the issue (for example, by storing sensitive information in a password-protected store which requires interactive decryption before it can be accessed).

It is not necessary to define or use the localenv module to use s3bucketmap or keevalbak – but I have used it within the supplied sample code in lieu of the usual "put your S3 credentials here" comment (of course a similar comment appears in the sample localenv code, but in theory that could be the only place where it needs to appear).

A major benefit of using localenv is that you can edit the sample files of these applications, and check them into a public repository, without having to worry that you might have accidentally checked in your S3 credentials. In that respect, use of localenv increases your security.
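One way to narrow the exposure of a standard credentials location is to refuse a localenv file that other accounts can read or write. The following is an added example, not code from the localenv project; `load_localenv`, `InsecureLocalenvError` and the `S3_*` variable names are hypothetical, and the permission check assumes a POSIX system.

```python
import os
import stat
import tempfile
import types


class InsecureLocalenvError(Exception):
    """The localenv file could be read or changed by another account."""


def load_localenv(path, module_name="localenv"):
    """Execute the file at `path` as a module, but only if it is private."""
    with open(path, "rb") as f:
        # fstat the open descriptor so the file checked is the file read.
        st = os.fstat(f.fileno())
        if not stat.S_ISREG(st.st_mode):
            raise InsecureLocalenvError(f"{path}: not a regular file")
        if hasattr(os, "getuid") and st.st_uid != os.getuid():
            raise InsecureLocalenvError(f"{path}: not owned by this user")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            mode = stat.S_IMODE(st.st_mode)
            raise InsecureLocalenvError(f"{path}: mode {mode:o}, expected 600")
        source = f.read()
    module = types.ModuleType(module_name)
    module.__file__ = path
    exec(compile(source, path, "exec"), module.__dict__)
    return module


def demo():
    """Constructed sample: a placeholder localenv.py loaded at two modes."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "localenv.py")
        with open(path, "w") as f:
            # Hypothetical variable names and placeholder values.
            f.write('S3_ACCESS_KEY_ID = "EXAMPLE-KEY-ID"\n'
                    'S3_SECRET_ACCESS_KEY = "EXAMPLE-SECRET"\n')
        os.chmod(path, 0o644)          # world-readable: must be refused
        try:
            load_localenv(path)
            rejected = False
        except InsecureLocalenvError:
            rejected = True
        os.chmod(path, 0o600)          # owner-only: accepted
        env = load_localenv(path)
        return rejected, env.S3_ACCESS_KEY_ID


if __name__ == "__main__":
    print(demo())
```

The check only covers other accounts on the same machine; any process running as the owning user can still read the file.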

Other Benefits

An alternative to using the localenv convention is to define some location for application configuration files, perhaps specified by an environment variable. I found that this cluttered up the Python code with environment variable lookup and datafile parsing (even if I used the simplest option, which is YAML).

Using Python's own module importation system to access configuration data seems to be both the most elegant and the most flexible. It is elegant because you access configuration variables directly using Python's "dot" notation. It is flexible because:

Other work

A Google search for "python configuration" did not reveal anything obviously similar to the approach I have taken here. Most of the results for the search are references to various configuration packages which provide facilities to parse files containing configuration data written in various formats (which, as I already mentioned, is more cluttered and less flexible than just importing a module).

Python itself does have a special user module. This serves almost the same function as my localenv module, but it is less flexible because it is hard-coded to be read from $HOME/.pythonrc.py.