1
In my Django project I have some sensitive variables, which I need to 'hide'.
In general, save them in a file . env and read them with
DADO_SENSIVEL = os.environ.get("DADO_SENSIVEL", default="")..
I’d like to understand the difference between me saving these variables in the .env, in the .bashrc and in the .bash_profile
Does the answer depend on using Docker? If so, what would be the difference using and not using Docker?
2
I don’t fully understand the question, for example: I can’t see Django’s relationship with Docker in this context, but I will try to answer. If I understand, what you want is to hide sensitive information in a Jango project. Considering that this is what I will explain my approach (I use linux):
First I create a file of the type .yaml which can be "parsed" by the package Pyyaml, in this archive I place the sensitive information to be read on setttings.py from Django, below an example:
db:
default:
ENGINE: 'django.db.backends.postgresql_psycopg2'
NAME: 'nome-banco'
USER: 'user-name'
PASSWORD: 'change-me'
HOST: 'localhost'
PORT: '5432'
OPTIONS: {}
email:
email_host: 'smtp.<config>.com'
email_port: 587
email_host_user: 'no_reply@<email.com>'
email_host_password: '<your_password>'
use_tls: True
key: sdn2-%Hey-Jude_take-a-sad-song_and_make-it-better
Note that in this file are placed the information about the database, sending email and the key for creating tokens.
Then choose a place to put this file, for example in /etc/name-app/config.yaml
Create an environment variable that points to where that file will be stored (on the server, I do this on gunicorn), in the development environment, in my case this can be done with the export command:
export VARNAME='/path/to/file'
This command can be placed in your ~/. bashrc file, which you cite.
So in the file settings.py from Django, first try to see if the variable exists in the system, if yes, I load the file from the path it points and assign the values to the variables, thus:
CONFIG = os.environ.get('VARNAME')
try:
with open(CONFIG, 'r') as f:
settings = yaml.safe_load(f)
except IOError as e:
print("I/O error({0}): {1}".format(e.errno, e.strerror))
raise
except:
print("Erro inesperado", sys.exc_info())
print("Erro inesperado", sys.exc_info()[0])
raise
# To send email
EMAIL_HOST = settings['email_host']
EMAIL_PORT = settings['email_port']
EMAIL_HOST_USER = settings['email_host_user']
EMAIL_FROM = settings['email_host_user']
EMAIL_HOST_PASSWORD = settings['email_host_password']
EMAIL_USE_TLS = settings['use_tls']
SECRET_KEY = settings['key']
DATABASES = settings['db']
Essentially, that is, no matter if your server or development environment is on the physical machine, on a virtual machine or in a Docker container.
If it’s not clear, say I’m trying to improve the answer.
1
You can use python-decouple, with it it is possible to insert the data in Settings.py.. pulling data from an external file . env or . ini in which you declare constant strings as in the example below:
#nome_do_projeto/setting.py
from decouple import config
DEBUG = config('DEBUG', default=False, cast=bool)#a opção cast declara o tipo.
SECRET_KEY = config('SECRET_KEY')
instead of:
DEBUG=TRUE
SECRET_KEY = "sejalqualforakey"
and within the file . env:
#raiz_do_projeto/.env:
DEBUG=TRUE
SECRET_KEY=sejalqualforakey
and if you need to insert a list for example in ALLOWED_HOSTS:
ALLOWED_HOSTS = config('ALLOWED_HOSTS', default=[], cast=Csv())
here the cast contains a Csv method that needs to be imported into:
from decouple import config, Csv
and in . env:
ALLOWED_HOSTS=127.0.0.1, .localhost
1
I like to use the python decouple to do this
Have a tutorial here
Browser other questions tagged python-3.x django docker bash env
You are not signed in. Login or sign up in order to post.