Because of test db re-creating every time when I start unittests so I can't store access token (secret data) there. Also I can't store token directly in code, because I want to push it to github. There is some elegant and easy way to save access token once without any additional files?
Asked
Active
Viewed 240 times
1
-
This may help. http://stackoverflow.com/questions/5132152/when-you-have-secret-key-in-your-project-how-can-pushing-to-github-be-possible – DhruvPathak Aug 16 '16 at 13:28
2 Answers
1
Make a .toml file. Then use pytoml to parse it.
For example:
>>> with open('file.toml', 'rb') as fin:
... obj = toml.load(fin)
>>> obj
{'secret': 8287474}
Do not commit this file to github!
Best practices are:
- Have example.toml file with empty values(This one you can commit)
- Use test.toml/production.toml/development.toml for different envs
- Divide it to categories and add comments so new developers will understand.
Or Duan
- 13,142
- 6
- 60
- 65
-
Downvoted. This solution does not take care of the security,encryption,public access of the token on github part. – DhruvPathak Aug 16 '16 at 13:29
-
It is, you just need to commit the example file and not the production one @DhruvPathak – Or Duan Aug 16 '16 at 13:31
-
Can you please give me an example of project (on github) that uses this approach? @Or Duan – ledu Aug 16 '16 at 14:12
-
@KhasanKhafizov Flask, a famous web framework talk about it on the docs here: http://flask.pocoo.org/docs/0.11/config/#configuring-from-files They use different format but the same approach. If the answer helps, please accept it. thanks :) – Or Duan Aug 16 '16 at 17:00
0
Accepted wisdom says to store keys (and other config variables) in environment variables, as per the 12factor directives.
In Django (or Python, for that matter), you can simply read the key in your settings file with
import os
...
SECRET_KEY = os.environ['SECRET_KEY']
...
Mathieu Dhondt
- 8,405
- 5
- 37
- 58