Re: Removing SECRET_KEY from settings.py

2011-09-17 Thread DrBloodmoney 
On Fri, Sep 16, 2011 at 8:54 PM, Tim Chase
 wrote:
> Just returning to some Django work after a time away, I (re)started an old
> project in 1.3 and hit an early issue.  I'd like to keep my settings.py
> under revision-control that is somewhat publicly accessible, but don't want
> my SECRET_KEY exposed.  The solution I've opted for is the following excerpt
> of my settings.py on which I'm hoping for feedback:
>
>  SECRET_FILE = "secret.txt"
>  if os.path.exists(SECRET_FILE):
>    SECRET_KEY = file(SECRET_FILE).read()
>  else:
>    from random import choice
>    SECRET_KEY = ''.join([
>      choice(
>      'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)'
>      ) for i in range(50)])
>    f = file(SECRET_FILE, 'w')
>    f.write(SECRET_KEY)
>    f.close()
>
> (key generation ripped directly from
> core/management/commands/startproject.py )
>
> As best I can tell, this should allow me to place secret.txt on machines I
> control, while allowing others to freely download the code and deploy on
> their end with minimal trouble.
>
> Any input would be greatly appreciated,
>
> -tkc


settings.py/
|- __init__.py
|- base.py
|- development.py
|- production.py
|- secret.py # <== not in version control

then in __init__.py:

from base import *
from secret import *

if DEBUG:
from development import *
else:
from production import *

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Removing SECRET_KEY from settings.py

2011-09-16 Thread Rafael Durán Castañeda 
In addition you  can add a local_settings.py.template on repository instead
of local_settings.py, so for developtment you can add some fixed fake values
for testing and edit with production suitable values when needed.

2011/9/17 Donald Stufft 

> $ cat settings.py
>
> ….
>
> try:
> from local_settings import *
> except ImportError:
> pass
>
>
> $ cat local_settings.py
>
> ….
> SECRET_KEY = "blah"
>
> On Friday, September 16, 2011 at 8:54 PM, Tim Chase wrote:
>
> Just returning to some Django work after a time away, I
> (re)started an old project in 1.3 and hit an early issue. I'd
> like to keep my settings.py under revision-control that is
> somewhat publicly accessible, but don't want my SECRET_KEY
> exposed. The solution I've opted for is the following excerpt of
> my settings.py on which I'm hoping for feedback:
>
> SECRET_FILE = "secret.txt"
> if os.path.exists(SECRET_FILE):
> SECRET_KEY = file(SECRET_FILE).read()
> else:
> from random import choice
> SECRET_KEY = ''.join([
> choice(
> 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)'
> ) for i in range(50)])
> f = file(SECRET_FILE, 'w')
> f.write(SECRET_KEY)
> f.close()
>
> (key generation ripped directly from
> core/management/commands/startproject.py )
>
> As best I can tell, this should allow me to place secret.txt on
> machines I control, while allowing others to freely download the
> code and deploy on their end with minimal trouble.
>
> Any input would be greatly appreciated,
>
> -tkc
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Removing SECRET_KEY from settings.py

2011-09-16 Thread Donald Stufft 
$ cat settings.py

….

try:  
 from local_settings import *
except ImportError:
 pass


$ cat local_settings.py

….
SECRET_KEY = "blah"


On Friday, September 16, 2011 at 8:54 PM, Tim Chase wrote:

> Just returning to some Django work after a time away, I  
> (re)started an old project in 1.3 and hit an early issue. I'd  
> like to keep my settings.py under revision-control that is  
> somewhat publicly accessible, but don't want my SECRET_KEY  
> exposed. The solution I've opted for is the following excerpt of  
> my settings.py on which I'm hoping for feedback:
>  
>  SECRET_FILE = "secret.txt"
>  if os.path.exists(SECRET_FILE):
>  SECRET_KEY = file(SECRET_FILE).read()
>  else:
>  from random import choice
>  SECRET_KEY = ''.join([
>  choice(
>  'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)'
>  ) for i in range(50)])
>  f = file(SECRET_FILE, 'w')
>  f.write(SECRET_KEY)
>  f.close()
>  
> (key generation ripped directly from  
> core/management/commands/startproject.py )
>  
> As best I can tell, this should allow me to place secret.txt on  
> machines I control, while allowing others to freely download the  
> code and deploy on their end with minimal trouble.
>  
> Any input would be greatly appreciated,
>  
> -tkc
>  
>  
>  
> --  
> You received this message because you are subscribed to the Google Groups 
> "Django users" group.
> To post to this group, send email to django-users@googlegroups.com 
> (mailto:django-users@googlegroups.com).
> To unsubscribe from this group, send email to 
> django-users+unsubscr...@googlegroups.com 
> (mailto:django-users+unsubscr...@googlegroups.com).
> For more options, visit this group at 
> http://groups.google.com/group/django-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Removing SECRET_KEY from settings.py

2011-09-16 Thread Tim Chase 
Just returning to some Django work after a time away, I 
(re)started an old project in 1.3 and hit an early issue.  I'd 
like to keep my settings.py under revision-control that is 
somewhat publicly accessible, but don't want my SECRET_KEY 
exposed.  The solution I've opted for is the following excerpt of 
my settings.py on which I'm hoping for feedback:


  SECRET_FILE = "secret.txt"
  if os.path.exists(SECRET_FILE):
SECRET_KEY = file(SECRET_FILE).read()
  else:
from random import choice
SECRET_KEY = ''.join([
  choice(
  'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)'
  ) for i in range(50)])
f = file(SECRET_FILE, 'w')
f.write(SECRET_KEY)
f.close()

(key generation ripped directly from 
core/management/commands/startproject.py )


As best I can tell, this should allow me to place secret.txt on 
machines I control, while allowing others to freely download the 
code and deploy on their end with minimal trouble.


Any input would be greatly appreciated,

-tkc



--
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.