From c1bbcd0706c5ae334d133762277ecab4739b5d1f Mon Sep 17 00:00:00 2001 From: Peter Schmidt Date: Mon, 7 Oct 2019 18:08:17 +1100 Subject: [PATCH] =?UTF-8?q?=F0=9F=94=93=F0=9F=99=88=20Publish=20a=20SECRET?= =?UTF-8?q?=5FKEY?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I fold (for now at least). Supporting secure out of the box would be nice, but I can also see it's close to the too-hard basket for people who're just volunteering and not renumerated (it is the kind of thing that becomes an issue as soon as one goes past the just trying it out stage though): https://help.pythonanywhere.com/pages/environment-variables-for-web-apps https://stackoverflow.com/questions/15170637/effects-of-changing-djangos-secret-key/15383766 https://github.com/DjangoGirls/tutorial-extensions/issues/101 --- .gitignore | 2 +- myponysite/settings.py | 2 +- requirements.txt | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index ae9bcf4..f1066d3 100644 --- a/.gitignore +++ b/.gitignore @@ -5,4 +5,4 @@ myvenv/ db.sqlite3 /static .DS_Store -secrets/ +.env diff --git a/myponysite/settings.py b/myponysite/settings.py index 27e684a..c85278f 100644 --- a/myponysite/settings.py +++ b/myponysite/settings.py @@ -20,7 +20,7 @@ # See https://docs.djangoproject.com/en/2.2/howto/deployment/checklist/ # SECURITY WARNING: keep the secret key used in production secret! -SECRET_KEY = os.environ['SECRET_KEY'] +SECRET_KEY = "yeg-*ht$p#f%w)kz498c3%6c268wkpa%cza74r56h(zj&oy^ws" # SECURITY WARNING: don't run with debug turned on in production! DEBUG = True diff --git a/requirements.txt b/requirements.txt index 2c8d724..a692905 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1 +1,2 @@ Django~=2.2.4 +python-dotenv