I don’t fully understand the question, for example: I can’t see Django’s relationship with Docker in this context, but I will try to answer. If I understand, what you want is to hide sensitive information in a Jango project. Considering that this is what I will explain my approach (I use linux):
First I create a file of the type .yaml
which can be "parsed" by the package Pyyaml, in this archive I place the sensitive information to be read on setttings.py
from Django, below an example:
db:
default:
ENGINE: 'django.db.backends.postgresql_psycopg2'
NAME: 'nome-banco'
USER: 'user-name'
PASSWORD: 'change-me'
HOST: 'localhost'
PORT: '5432'
OPTIONS: {}
email:
email_host: 'smtp.<config>.com'
email_port: 587
email_host_user: 'no_reply@<email.com>'
email_host_password: '<your_password>'
use_tls: True
key: sdn2-%Hey-Jude_take-a-sad-song_and_make-it-better
Note that in this file are placed the information about the database, sending email and the key for creating tokens.
Then choose a place to put this file, for example in /etc/name-app/config.yaml
Create an environment variable that points to where that file will be stored (on the server, I do this on gunicorn), in the development environment, in my case this can be done with the export command:
export VARNAME='/path/to/file'
This command can be placed in your ~/. bashrc file, which you cite.
So in the file settings.py
from Django, first try to see if the variable exists in the system, if yes, I load the file from the path it points and assign the values to the variables, thus:
CONFIG = os.environ.get('VARNAME')
try:
with open(CONFIG, 'r') as f:
settings = yaml.safe_load(f)
except IOError as e:
print("I/O error({0}): {1}".format(e.errno, e.strerror))
raise
except:
print("Erro inesperado", sys.exc_info())
print("Erro inesperado", sys.exc_info()[0])
raise
# To send email
EMAIL_HOST = settings['email_host']
EMAIL_PORT = settings['email_port']
EMAIL_HOST_USER = settings['email_host_user']
EMAIL_FROM = settings['email_host_user']
EMAIL_HOST_PASSWORD = settings['email_host_password']
EMAIL_USE_TLS = settings['use_tls']
SECRET_KEY = settings['key']
DATABASES = settings['db']
Essentially, that is, no matter if your server or development environment is on the physical machine, on a virtual machine or in a Docker container.
If it’s not clear, say I’m trying to improve the answer.