diff --git a/siricontrol.py b/siricontrol.py
index b5ef526..cc9c932 100644
--- a/siricontrol.py
+++ b/siricontrol.py
@@ -3,16 +3,19 @@
 import email
 import os
 import pkgutil
+import sys
+import base64
+from os.path import expanduser, dirname, exists, join, abspath
 
-##########################################
 
-# Add your gmail username and password here
+##########################################
 
-username = ""
-password = ""
+# Add your gmail username and password to 
+# a file called .siricontrolsecret
 
 ##########################################
 
+SECFILE = ".siricontrolsecret"
 
 class ControlException(Exception):
     pass
@@ -128,6 +131,53 @@ def handle(self):
                 print("Restarting...")
             time.sleep(1)
 
+def _encode_password(mypwd):
+    if sys.version_info[0] == 2:
+        return base64.encodestring(mypwd).strip("\n")
+    else:
+        return base64.b64encode(mypwd.encode('utf-8')).decode('utf-8')
+
+def _decode_password(mypwd):
+    if sys.version_info[0] == 2:
+        return base64.decodestring(mypwd)
+    else:
+        return base64.b64decode(mypwd).decode('utf-8')
+
+def get_credentials():
+    # SECFILE can be placed in one of these directories
+    possible_locations = set([
+        expanduser('~'),            # home
+        abspath(dirname(__file__)), # same dir as script
+        os.getcwd()                 # working directory
+    ])
+    user = ""
+    pwd = ""
+    for dir_path in possible_locations:
+        sec_path = join(dir_path, SECFILE) 
+        if exists(sec_path):
+            try:
+                sf = open(sec_path, "r")
+                lines = sf.readlines()
+                user = lines[0].strip()
+                pwd = lines[1].strip()
+                sf.close()
+                if not pwd.startswith("{enc}"):
+                    # pwd not encoded
+                    pwd = "{enc}" + _encode_password(pwd)
+                    sf = open(sec_path, "w")
+                    sf.write("\n".join([user , pwd]))
+                    sf.close()
+                return user, _decode_password(pwd[5:])
+            except IOError as e:
+                print("Found " + sec_path + " but I couldn't read it: " + e)
+            except IndexError:
+                print("File " + sec_path + " must contain two lines, " + 
+                " username and password, to be valid.")
+    #still here? I couldn't find anything
+    raise Exception(SECFILE + 
+                    " not found, please create it" + 
+                    " in one of these folders:\n" +
+                    "\n".join(possible_locations))
 
 if __name__ == '__main__':
-    Control(username, password)
+    Control(*get_credentials())