Django and git projects

How can I handle the security of web frameworks like Django on GitHub or any other public version control site?

settings.py can, and often does, contain confidential database information, passwords and secret keys that should not be uploaded to the repository in a visible manner.

What is common practice and the least difficult way to handle this?

+5
source share
4 answers

As @Selcuk mentions, the 12 Factor App provides good guidance on protecting and isolating your sensitive information.

In another answer here: Django settings: raise KeyError, raise WrongConfigured or use default values?
I explain the method that I usually use to be as close as possible to the recommendations of 12 factors.
In short:

  • Create a .env or .ini file with your project variables in it:

     DB_USERNAME=myDB
     DB_PASSWORD=for_your_eyes_only
     DEBUG=False
     MY_DJANGO_KEY=no_peeking_this_is_secret
     ...

  • Add .env and .env.* or .ini and .ini.* to your .gitignore file, thereby protecting your sensitive information from being uploaded to GitHub.
  • Create env.example (be careful not to name it with a . at the beginning, because it will be ignored). In this file you can specify an example of the expected configuration, to be reproduced by simply copying, pasting and renaming to .ini or .env.
  • Use decouple.config to read your configuration file:

    in settings.py:

     from decouple import Csv, config

     # Values are read from the .env/.ini file or the process environment
     DEBUG = config('DEBUG', cast=bool, default=True)
     # No default: a missing MY_DJANGO_KEY raises an error at startup
     SECRET_KEY = config('MY_DJANGO_KEY')
     ...
+2
source
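
The workflow from the answer above can be checked automatically before a commit. The following is an added example, not part of the original answer or of python-decouple: it verifies that .env is covered by .gitignore, that the example file is not accidentally ignored (the leading-dot pitfall mentioned above), and that .env defines every documented key without reusing placeholders. The function names, the `changeme` placeholder and the sample file contents are assumptions constructed for illustration, and the .gitignore matching is deliberately simplified.

```python
import fnmatch

# Constructed sample file contents (not real secrets).
GITIGNORE = ".env\n.env.*\n*.pyc\n"
EXAMPLE = "DB_USERNAME=myDB\nDB_PASSWORD=changeme\nDEBUG=False\nMY_DJANGO_KEY=changeme\n"
ENV = "# local only\nDB_USERNAME=myDB\nDB_PASSWORD=changeme\nDEBUG=False\n"


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    pairs = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        pairs[key.strip()] = value.strip().strip("'\"")
    return pairs


def is_ignored(filename, gitignore_text):
    """Simplified .gitignore match: plain glob patterns against the file name.
    Negation (!) and directory rules are skipped (assumption for this example)."""
    patterns = [p.strip() for p in gitignore_text.splitlines()]
    patterns = [p for p in patterns if p and not p.startswith(("#", "!"))]
    return any(fnmatch.fnmatchcase(filename, p) for p in patterns)


def audit(env_text, example_text, gitignore_text, secret_keys,
          example_name="env.example"):
    """Return a list of findings; an empty list means the setup is consistent."""
    env, example = parse_env(env_text), parse_env(example_text)
    findings = []
    if not is_ignored(".env", gitignore_text):
        findings.append(".env is not covered by .gitignore")
    if is_ignored(example_name, gitignore_text):
        findings.append(f"{example_name} is ignored and will not be committed")
    for key in sorted(set(example) - set(env)):
        findings.append(f"{key} is in {example_name} but missing from .env")
    for key in secret_keys:
        if key in env and env[key] == example.get(key):
            findings.append(f"{key} in .env still holds the example placeholder")
    return findings


if __name__ == "__main__":
    for finding in audit(ENV, EXAMPLE, GITIGNORE, ["DB_PASSWORD", "MY_DJANGO_KEY"]):
        print("FINDING:", finding)
```
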

I usually use different settings.py for each stage (development, testing and development). The only thing I keep in version control is the one that corresponds to the development. Other settings.py are internal and, if necessary, are copied to each server instance (testing and production).

Hope this helps.

0
source

Simple answer: add it to .gitignore. However, if you are going to share your Django application, you need to provide at least the parts that you edited for your application.

0
source

In my case, the password and confidential information are stored in the individual settings files dev_settings.py and prod_settings.py; both files are in .gitignore. In settings.py I can switch between them through the environment as follows:

     import os

     DEV_SETTINGS = '_XXXXX_'

     # Load production settings only when the environment explicitly asks for them
     if os.environ.get('PROJECT_NAME_PROD', 'NO') == 'YES':
         from project.prod_settings import *
     else:
         from project.dev_settings import *

With this, you can still have your settings.py in the repository.

0
source

Source: https://habr.com/ru/post/1269699/

