1

I am following How to sign in with the Google+ API using Django? to use Google Sign In for my Django app. I am on the step that says

Add the SOCIAL_AUTH_GOOGLE_OAUTH2_KEY and SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET settings with the client key and secret you created earlier.

I am wary of adding these directly to settings.py because they will then be committed to my git repo. How can I make these values available in my app without exposing them unnecessarily?

I think environment variables are common for this purpose. I also see that I can download a JSON file from my Google Developer Console.

Code-Apprentice
  • 81,660
  • 23
  • 145
  • 268

1 Answers1

1

As mentioned here, the idea is to only version a template for settings.py, not the actual file (with its secret values)

I prefer for that using a content filter driver as I describe here.
That would generate automatically your settings.py with the correct values on git checkout.
And you need to do is then figure out from where you want to fetch those sensitive values. For instance, an online Hashicorp Vault.

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250