Commit 9f876575 authored by Alexander Færøy's avatar Alexander Færøy 🍍
Browse files

Merge branch 'move_secret' into 'main'

Move SECRET_KEY out of Settings.py #5

See merge request !2
parents 1155ab47 10f00cae
......@@ -3,3 +3,4 @@
src/static/
src/core/migrations
.env
src/secrets.json
......@@ -15,13 +15,14 @@ We currently run a trial instance of this project on
# To run it locally
You need to start by setting the `SECRET_KEY` variable in
`src/lobby/settings.py`. This value can be an arbitrary string, and you should
never commit changes to `settings.py`.
`src/secrets.json'. This value can be an arbitrary string, and you should
never commit changes to `settings.py`. Secrets.json is currently added to
the .gitignore to avoid commits.
Then run the following commands:
```
$ virtualenv -p python3.7 .env
$ virtualenv -p python3.7 .env
$ source .env/bin/activate
$ pip install -r requirements.txt
$ python src/manage.py makemigrations
......
import os
import json
from django.core.exceptions import ImproperlyConfigured
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
# Assign secrets.json to variable secrets_filepath
secrets_filepath = os.path.join(BASE_DIR,'secrets.json')
# Retrieve secrets from secrets json dictionary and load into memory
with open(secrets_filepath) as secrets_contents:
secrets = json.load(secrets_contents)
def get_secret(setting, secrets=secrets):
"""Get secret setting from json, or fail with ImproperlyConfigured"""
try:
return secrets[setting]
except KeyError:
raise ImproperlyConfigured(f"You have not set the {setting} setting")
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/3.0/howto/deployment/checklist/
......@@ -100,11 +116,11 @@ ALLOWED_HOSTS = ["localhost"]
DEBUG = True
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = ""
SECRET_KEY = get_secret('SECRET_KEY')
# SECURITY WARNING: Gitlab credentials.
GITLAB_URL = "https://gitlab.torproject.org/"
GITLAB_SECRET_TOKEN = ""
GITLAB_SECRET_TOKEN = get_secret('GITLAB_SECRET_TOKEN')
# SECURITY: List of suffixes to automatic approve for email accounts.
AUTO_ACCEPT_LIST = ["riseup.net"]
AUTO_ACCEPT_LIST = get_secret('AUTO_ACCEPT_LIST')
{
"SECRET_KEY":"",
"GITLAB_SECRET_TOKEN":"",
"AUTO_ACCEPT_LIST":""
}
\ No newline at end of file
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment