0

I have a django project deployed in Heroku. It uses python-instragram.

I have a 'client secret' from an instragram client that I have. I use git/github for version control.

This client_secret is imported from an untracked file because I don't want to have it on my public github repo. I do something like this:

from core_keys import core_client_secret

CONFIG = {
'client_id': '83d1b794dfc24f5588378f88be67c586',
'client_secret': core_client_secret,
'redirect_uri': 'http://localhost:8515/oauth_callback'
}
api = client.InstagramAPI(**CONFIG)

I have core_keys.py added to .gitignore:

*/core_keys.py

When I deploy to heroku the app doesn't work obviously because the file that contains the client_secret was not pushed to heroku since it's in .gitignore.

How can I have this file on heroku without the need for a private repo, what approach should I use?

edu222
  • 486
  • 1
  • 7
  • 21
  • I don't know much about heroku, but can't you push a file somehow? As a last resort, have it received in a custom method with a POST – loopbackbee May 30 '13 at 04:51

2 Answers2

3

You should store the secrets as config vars in the environment.

friism
  • 19,068
  • 5
  • 80
  • 116
  • Yes this is perfect thanks! Can you maybe give me an example of how I can pass that environment var to a python file ? – edu222 May 30 '13 at 16:27
  • 1
    You don't have to stick them in a file, just read them from the environment: http://stackoverflow.com/questions/5971312/how-to-set-environmental-variables-in-python – friism May 30 '13 at 16:35
0

Just as a reference, ended up doing this:

On the terminal at my development machine:

heroku config:set INSTAGRAMSECRET=00000FFFFF

On the file where I need the environment var inside of Heroku:

import os
insta_secret = os.environ['INSTAGRAMSECRET']
edu222
  • 486
  • 1
  • 7
  • 21