Re: Django SECRET KEY

2020-11-04 Thread Michael Rohan 
Hi Folks,

An extension of this local file is the project django-yamlconf (See
https://django-yamlconf.readthedocs.io/en/latest/).  It allows general
over-ride of settings.  It is my project (full disclosure).

Take care,
Michael.

On Wed, Nov 4, 2020 at 3:51 PM Mike Dewhirst  wrote:

> On 5/11/2020 1:54 am, Kegan Ronholt wrote:
> > What is the best practice for hiding SECRET key in settings.py in
> > production. I am finding all sorts of different ways to do it, but
> > none seem to work.
>
> I keep it in a file left out of the repository but in a "standard"
> location known to the web server.
>
> I have a simple utility to read the file into a list and just use a list
> item as the secret key. I like it because there are typicaly half a
> dozen different secrets per project. They include database credentials,
> email server details, captcha keys and so on. It is handy having a
> system to get all such stuff without needing to store it unsafely. I
> also like using the top few lines for credentials and lower lines for
> comments.
>
> My standard location for such files includes a directory name based on
> project name established in the settings so I don't have to think too
> hard to manage credentials of any sort when creating new projects.
>
> My view is that the only way secrecy can be compromised is if the server
> itself is pwned. At that point you have to start again anyway.
>
> Cheers
>
> Mike
>
> >
> >
> > --
> > You received this message because you are subscribed to the Google
> > Groups "Django users" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> > an email to django-users+unsubscr...@googlegroups.com
> > .
> > To view this discussion on the web visit
> >
> https://groups.google.com/d/msgid/django-users/6660766c-6ed4-4500-9006-c8289158f749n%40googlegroups.com
> > <
> https://groups.google.com/d/msgid/django-users/6660766c-6ed4-4500-9006-c8289158f749n%40googlegroups.com?utm_medium=email_source=footer
> >.
>
>
> --
> Signed email is an absolute defence against phishing. This email has
> been signed with my private key. If you import my public key you can
> automatically decrypt my signature and be sure it came from me. Just
> ask and I'll send it to you. Your email software can handle signing.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/ad2ead73-7a13-b5ac-ee10-cf60edc92323%40dewhirst.com.au
> .
>


-- 
Michael Rohan
mro...@acm.org

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CAOCsNFiQ%2BoTW-gSjh37jg0CBvFOw6kc3jrMvfDTB15LtP0BLiQ%40mail.gmail.com.

Re: Django SECRET KEY

2020-11-04 Thread Mike Dewhirst 
On 5/11/2020 1:54 am, Kegan Ronholt wrote:
> What is the best practice for hiding SECRET key in settings.py in
> production. I am finding all sorts of different ways to do it, but
> none seem to work.

I keep it in a file left out of the repository but in a "standard"
location known to the web server.

I have a simple utility to read the file into a list and just use a list
item as the secret key. I like it because there are typicaly half a
dozen different secrets per project. They include database credentials,
email server details, captcha keys and so on. It is handy having a
system to get all such stuff without needing to store it unsafely. I
also like using the top few lines for credentials and lower lines for
comments.

My standard location for such files includes a directory name based on
project name established in the settings so I don't have to think too
hard to manage credentials of any sort when creating new projects.

My view is that the only way secrecy can be compromised is if the server
itself is pwned. At that point you have to start again anyway.

Cheers

Mike

>
>
> -- 
> You received this message because you are subscribed to the Google
> Groups "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to django-users+unsubscr...@googlegroups.com
> .
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/6660766c-6ed4-4500-9006-c8289158f749n%40googlegroups.com
> .


-- 
Signed email is an absolute defence against phishing. This email has
been signed with my private key. If you import my public key you can
automatically decrypt my signature and be sure it came from me. Just
ask and I'll send it to you. Your email software can handle signing.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/ad2ead73-7a13-b5ac-ee10-cf60edc92323%40dewhirst.com.au.

Re: Django SECRET KEY

2020-11-04 Thread Abhishek Choudhury 
I use the Environment variable that is in Windows and later in the script I
pull the values using os.environ.get('Key_Name')  #Since this is a
dictionary, we use '' " .

*With Best Regards,*
Abhishek Choudhury
Ph. No.: +91 7903717967
LinkedIN:  https://www.linkedin.com/in/yesabhishek/





On Wed, Nov 4, 2020 at 8:30 PM Kegan Ronholt  wrote:

> What is the best practice for hiding SECRET key in settings.py in
> production. I am finding all sorts of different ways to do it, but none
> seem to work.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/6660766c-6ed4-4500-9006-c8289158f749n%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CA%2B3kJUZWS%3D_UWYLXuYs8nncVUeo_MDG8jbBzshXg1_k_houZ4w%40mail.gmail.com.

Django SECRET KEY

2020-11-04 Thread Kegan Ronholt 
What is the best practice for hiding SECRET key in settings.py in 
production. I am finding all sorts of different ways to do it, but none 
seem to work.


-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/6660766c-6ed4-4500-9006-c8289158f749n%40googlegroups.com.

Re: Environment Variables for Django Secret Key etc On Windows 10 and Heroku

2020-09-15 Thread dum dum 
without any quotes.

[image: image.png]



On Tue, Sep 15, 2020 at 5:10 AM coolguy 
wrote:

> Did you input the variable value under single quote or without it?
>
> e.g. ''
>
> On Saturday, September 12, 2020 at 12:35:29 PM UTC-4 hanz...@gmail.com
> wrote:
>
>> Yes, I've seen so many tutorials. I did the same thing, and didn't work.
>> I believe there is something wrong with my Django Project. I don't know
>> what it is.
>> Still tinkering.
>>
>>
>> On Sat, Sep 12, 2020 at 9:38 PM Mbah Victor 
>> wrote:
>>
>>> Have you try googling your problem
>>>
>>> Victor
>>>
>>> On Sat, Sep 12, 2020, 9:34 AM dum dum  wrote:
>>>
>>>> I tried to put my Django Secret Key in Environment Variables.
>>>>
>>>> SECRET_KEY = os.environ.get('SECRET_KEY')
>>>>
>>>> I did save the SECRET_KEY on env var windows 10 like this
>>>> [image: image.png]
>>>>
>>>>
>>>> When I tried to py manage.py runserver, I got this error
>>>>
>>>> django.core.exceptions.ImproperlyConfigured: The SECRET_KEY setting must 
>>>> not be empty.
>>>>
>>>> I followed this
>>>>
>>>> https://stackoverflow.com/questions/19681102/my-django-secret-key-is-in-an-environment-variable-but-i-cant-do-syncdb
>>>>
>>>> But no idea with the solution..
>>>>
>>>> At this point, strange thing even occurred, I tried to py manage.py
>>>> without any SECRET_KEY on my Env Var on windows 10, and just leaving
>>>>   SECRET_KEY = os.environ.get('SECRET_KEY')
>>>> in my settings.py.
>>>>
>>>> I got no error.
>>>>
>>>> Strange.. But when I deployed it on heroku, it says the same error like
>>>> this
>>>> django.core.exceptions.ImproperlyConfigured: The SECRET_KEY setting
>>>> must not be empty.
>>>>
>>>> Is anyone here experienced the same stuck like me? Please kindly
>>>> advise. Thanks
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Django users" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to django-users...@googlegroups.com.
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/django-users/CANV3w%3DYdb3SuiC7KYrkN4bfieQx-fQxhm%2BPeMLpxJDWubVbwyA%40mail.gmail.com
>>>> <https://groups.google.com/d/msgid/django-users/CANV3w%3DYdb3SuiC7KYrkN4bfieQx-fQxhm%2BPeMLpxJDWubVbwyA%40mail.gmail.com?utm_medium=email_source=footer>
>>>> .
>>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Django users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to django-users...@googlegroups.com.
>>>
>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/django-users/CANTsAyc%3D%3DBLN7a0_c8rYd%3DsLHyWq78CHxAQr6Sa_PMcqtP7Cwg%40mail.gmail.com
>>> <https://groups.google.com/d/msgid/django-users/CANTsAyc%3D%3DBLN7a0_c8rYd%3DsLHyWq78CHxAQr6Sa_PMcqtP7Cwg%40mail.gmail.com?utm_medium=email_source=footer>
>>> .
>>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/11d60767-06d3-4d4c-8435-10151e5726cdn%40googlegroups.com
> <https://groups.google.com/d/msgid/django-users/11d60767-06d3-4d4c-8435-10151e5726cdn%40googlegroups.com?utm_medium=email_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CANV3w%3DYfmW4HTKVNdbkXKn5iNAd5%3DMt1OtLY60i%3DBni3yHSANw%40mail.gmail.com.

Re: Environment Variables for Django Secret Key etc On Windows 10 and Heroku

2020-09-14 Thread coolguy 
Did you input the variable value under single quote or without it?

e.g. ''

On Saturday, September 12, 2020 at 12:35:29 PM UTC-4 hanz...@gmail.com 
wrote:

> Yes, I've seen so many tutorials. I did the same thing, and didn't work. 
> I believe there is something wrong with my Django Project. I don't know 
> what it is.
> Still tinkering.
>
>
> On Sat, Sep 12, 2020 at 9:38 PM Mbah Victor  wrote:
>
>> Have you try googling your problem
>>
>> Victor
>>
>> On Sat, Sep 12, 2020, 9:34 AM dum dum  wrote:
>>
>>> I tried to put my Django Secret Key in Environment Variables.
>>>
>>> SECRET_KEY = os.environ.get('SECRET_KEY')
>>>
>>> I did save the SECRET_KEY on env var windows 10 like this
>>> [image: image.png]
>>>
>>>
>>> When I tried to py manage.py runserver, I got this error
>>>
>>> django.core.exceptions.ImproperlyConfigured: The SECRET_KEY setting must 
>>> not be empty.
>>>
>>> I followed this 
>>>
>>> https://stackoverflow.com/questions/19681102/my-django-secret-key-is-in-an-environment-variable-but-i-cant-do-syncdb
>>>
>>> But no idea with the solution..
>>>
>>> At this point, strange thing even occurred, I tried to py manage.py 
>>> without any SECRET_KEY on my Env Var on windows 10, and just leaving 
>>>   SECRET_KEY = os.environ.get('SECRET_KEY') 
>>> in my settings.py.
>>>
>>> I got no error.
>>>
>>> Strange.. But when I deployed it on heroku, it says the same error like 
>>> this 
>>> django.core.exceptions.ImproperlyConfigured: The SECRET_KEY setting 
>>> must not be empty. 
>>>
>>> Is anyone here experienced the same stuck like me? Please kindly advise. 
>>> Thanks 
>>>
>>> -- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "Django users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to django-users...@googlegroups.com.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/django-users/CANV3w%3DYdb3SuiC7KYrkN4bfieQx-fQxhm%2BPeMLpxJDWubVbwyA%40mail.gmail.com
>>>  
>>> <https://groups.google.com/d/msgid/django-users/CANV3w%3DYdb3SuiC7KYrkN4bfieQx-fQxhm%2BPeMLpxJDWubVbwyA%40mail.gmail.com?utm_medium=email_source=footer>
>>> .
>>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Django users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to django-users...@googlegroups.com.
>>
> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/django-users/CANTsAyc%3D%3DBLN7a0_c8rYd%3DsLHyWq78CHxAQr6Sa_PMcqtP7Cwg%40mail.gmail.com
>>  
>> <https://groups.google.com/d/msgid/django-users/CANTsAyc%3D%3DBLN7a0_c8rYd%3DsLHyWq78CHxAQr6Sa_PMcqtP7Cwg%40mail.gmail.com?utm_medium=email_source=footer>
>> .
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/11d60767-06d3-4d4c-8435-10151e5726cdn%40googlegroups.com.

Re: Environment Variables for Django Secret Key etc On Windows 10 and Heroku

2020-09-12 Thread dum dum 
Yes, I've seen so many tutorials. I did the same thing, and didn't work.
I believe there is something wrong with my Django Project. I don't know
what it is.
Still tinkering.


On Sat, Sep 12, 2020 at 9:38 PM Mbah Victor 
wrote:

> Have you try googling your problem
>
> Victor
>
> On Sat, Sep 12, 2020, 9:34 AM dum dum  wrote:
>
>> I tried to put my Django Secret Key in Environment Variables.
>>
>> SECRET_KEY = os.environ.get('SECRET_KEY')
>>
>> I did save the SECRET_KEY on env var windows 10 like this
>> [image: image.png]
>>
>>
>> When I tried to py manage.py runserver, I got this error
>>
>> django.core.exceptions.ImproperlyConfigured: The SECRET_KEY setting must not 
>> be empty.
>>
>> I followed this
>>
>> https://stackoverflow.com/questions/19681102/my-django-secret-key-is-in-an-environment-variable-but-i-cant-do-syncdb
>>
>> But no idea with the solution..
>>
>> At this point, strange thing even occurred, I tried to py manage.py
>> without any SECRET_KEY on my Env Var on windows 10, and just leaving
>>   SECRET_KEY = os.environ.get('SECRET_KEY')
>> in my settings.py.
>>
>> I got no error.
>>
>> Strange.. But when I deployed it on heroku, it says the same error like
>> this
>> django.core.exceptions.ImproperlyConfigured: The SECRET_KEY setting must
>> not be empty.
>>
>> Is anyone here experienced the same stuck like me? Please kindly advise.
>> Thanks
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to django-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/django-users/CANV3w%3DYdb3SuiC7KYrkN4bfieQx-fQxhm%2BPeMLpxJDWubVbwyA%40mail.gmail.com
>> <https://groups.google.com/d/msgid/django-users/CANV3w%3DYdb3SuiC7KYrkN4bfieQx-fQxhm%2BPeMLpxJDWubVbwyA%40mail.gmail.com?utm_medium=email_source=footer>
>> .
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/CANTsAyc%3D%3DBLN7a0_c8rYd%3DsLHyWq78CHxAQr6Sa_PMcqtP7Cwg%40mail.gmail.com
> <https://groups.google.com/d/msgid/django-users/CANTsAyc%3D%3DBLN7a0_c8rYd%3DsLHyWq78CHxAQr6Sa_PMcqtP7Cwg%40mail.gmail.com?utm_medium=email_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CANV3w%3DYKsvpwWKd9co2TYWgv3jYcQmhSV3A_L9%3DZVFiT65L6Zw%40mail.gmail.com.

Re: Environment Variables for Django Secret Key etc On Windows 10 and Heroku

2020-09-12 Thread Mbah Victor 
Have you try googling your problem

Victor

On Sat, Sep 12, 2020, 9:34 AM dum dum  wrote:

> I tried to put my Django Secret Key in Environment Variables.
>
> SECRET_KEY = os.environ.get('SECRET_KEY')
>
> I did save the SECRET_KEY on env var windows 10 like this
> [image: image.png]
>
>
> When I tried to py manage.py runserver, I got this error
>
> django.core.exceptions.ImproperlyConfigured: The SECRET_KEY setting must not 
> be empty.
>
> I followed this
>
> https://stackoverflow.com/questions/19681102/my-django-secret-key-is-in-an-environment-variable-but-i-cant-do-syncdb
>
> But no idea with the solution..
>
> At this point, strange thing even occurred, I tried to py manage.py
> without any SECRET_KEY on my Env Var on windows 10, and just leaving
>   SECRET_KEY = os.environ.get('SECRET_KEY')
> in my settings.py.
>
> I got no error.
>
> Strange.. But when I deployed it on heroku, it says the same error like
> this
> django.core.exceptions.ImproperlyConfigured: The SECRET_KEY setting must
> not be empty.
>
> Is anyone here experienced the same stuck like me? Please kindly advise.
> Thanks
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/CANV3w%3DYdb3SuiC7KYrkN4bfieQx-fQxhm%2BPeMLpxJDWubVbwyA%40mail.gmail.com
> <https://groups.google.com/d/msgid/django-users/CANV3w%3DYdb3SuiC7KYrkN4bfieQx-fQxhm%2BPeMLpxJDWubVbwyA%40mail.gmail.com?utm_medium=email_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CANTsAyc%3D%3DBLN7a0_c8rYd%3DsLHyWq78CHxAQr6Sa_PMcqtP7Cwg%40mail.gmail.com.

Environment Variables for Django Secret Key etc On Windows 10 and Heroku

2020-09-12 Thread dum dum 
I tried to put my Django Secret Key in Environment Variables.

SECRET_KEY = os.environ.get('SECRET_KEY')

I did save the SECRET_KEY on env var windows 10 like this
[image: image.png]


When I tried to py manage.py runserver, I got this error

django.core.exceptions.ImproperlyConfigured: The SECRET_KEY setting
must not be empty.

I followed this
https://stackoverflow.com/questions/19681102/my-django-secret-key-is-in-an-environment-variable-but-i-cant-do-syncdb

But no idea with the solution..

At this point, strange thing even occurred, I tried to py manage.py without
any SECRET_KEY on my Env Var on windows 10, and just leaving
  SECRET_KEY = os.environ.get('SECRET_KEY')
in my settings.py.

I got no error.

Strange.. But when I deployed it on heroku, it says the same error like
this
django.core.exceptions.ImproperlyConfigured: The SECRET_KEY setting must not
be empty.

Is anyone here experienced the same stuck like me? Please kindly advise.
Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CANV3w%3DYdb3SuiC7KYrkN4bfieQx-fQxhm%2BPeMLpxJDWubVbwyA%40mail.gmail.com.