I have a django app that uses env variables for things like db passwords, django_secret_key, api keys, etc.

I want to use the env variables in production, but want to keep the values of those values out of git. What is the best way to:

  1. Store sensitive production environment variables
  2. Load the variables into the production environment

Thanks in advance.

Ken Smith

2 Answers

Your question might be very opinion based ...

  • You could for example read stuff from a configuration file which is not the settings.py.
  • You could split the settings with local-devel.py which overrides stuff in settings.py

See for example here: https://code.djangoproject.com/wiki/SplitSettings or this SO question: How to manage local vs production settings in Django? (which I personally find ugly ...).

I use salt-stack and put all the sensitive information in the pillars, but that might be overkill for a single developer.

You can then use some state to set the environment variables such that your wsgi app can see these variables.

Community
oz123
    Thanks for the response. I wound up using a combination of git-encrypt to save sensitive info in git and Fabric/ansible templates to load the sensitive info into my production environment. – Ken Smith Mar 20 '16 at 19:36
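
One way to do the "configuration file which is not the settings.py" approach from the answer above, as an added example that is not part of the original posts: environment variables take precedence, a JSON file outside the repository fills in the rest, and startup fails if a secret is missing or the file is readable by other users. The names `load_secrets`, `SecretsError`, `secrets.json`, `DJANGO_SECRET_KEY` and `DB_PASSWORD` are assumptions for this example.

```python
import json
import os
import stat
import tempfile
from pathlib import Path


class SecretsError(RuntimeError):
    """A required secret is missing or the secrets file is unsafe."""


def load_secrets(path, required, environ=None):
    """Return {name: value} for each name in `required`.

    Environment variables win; a JSON file kept outside the repository
    fills in the rest. Secret values never appear in error messages.
    """
    environ = os.environ if environ is None else environ
    from_file = {}
    p = Path(path)
    if p.exists():
        mode = stat.S_IMODE(p.stat().st_mode)
        # Refuse a file that group or other can read, write or execute.
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise SecretsError(f"{p} is accessible to group/other (mode {mode:04o})")
        from_file = json.loads(p.read_text())
    secrets, missing = {}, []
    for name in required:
        value = environ.get(name) or from_file.get(name)
        if value:
            secrets[name] = value
        else:
            missing.append(name)
    if missing:  # fail closed at startup instead of running with a default
        raise SecretsError("missing secrets: " + ", ".join(sorted(missing)))
    return secrets


def demo():
    """Run against a constructed secrets file in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        f = Path(d) / "secrets.json"
        f.write_text(json.dumps({"DJANGO_SECRET_KEY": "constructed-key"}))
        f.chmod(0o600)
        return load_secrets(f, ["DJANGO_SECRET_KEY", "DB_PASSWORD"],
                            environ={"DB_PASSWORD": "constructed-pw"})


if __name__ == "__main__":
    print(sorted(demo()))  # prints the names only, not the values
```

In settings.py the function would be called once at import time and its result assigned to `SECRET_KEY` and the database password, so a misconfigured host refuses to start rather than running with an empty or default value.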
You can have your files (configuration files) on your server. You can have a default configuration file in the repo for reference but the one with the production values you can "hide" using:

https://git-scm.com/docs/git-update-index

--assume-unchanged

git update-index --assume-unchanged <path>

In case you need to print out list of files marked with the --assume-unchanged flag:

git ls-files -v|grep '^h'

oz123
CodeWizard