I am new to Django, and I have to handle a project that was written by someone else. The project contains a file `settings.py` that contains many settings, some of which appear to be secret or environment-specific (such as the exact URL for login). So I should probably exclude this file from source control (put it in `.gitignore`). But then, each developer running this application on a new server should build this large file from scratch, which is quite hard. What is the common way to handle this file, such that the secret settings are not in source-control, but the many technical details are there so that it is easy to install the application on a new server? I will be happy to see an example of how it should be done.

Erel Segal-Halevi
- The `settings.py` should be source-controlled. The secrets are handled via environment variables. For example here: https://stackoverflow.com/a/62925707/2952486 – mailivres Jul 18 '23 at 07:35
- In addition, if you have some settings that are not simple values you can put in an env var, you can create a git-ignored `settings_local.py` as described in [Django local settings](https://stackoverflow.com/questions/4909958/django-local-settings) answers that will override `settings.py`; though be aware that you cannot use this method on some deployment platforms (particularly those where you deploy via `git push`). Put default values into `settings.py`, and let each developer override it in their local config, if they wish. Ideally, secrets would still be passed through environment, though. – Amadan Jul 18 '23 at 07:57
- I use the python-dotenv package (https://github.com/theskumar/python-dotenv) and in an `.env` file I include all the secret settings including the secret key, database connection details, API keys, and so on. Of course, you will need to refer to your `.env` file in your `.gitignore` file in order to NOT include `.env` settings in versioning control, and there are a few other configs you need to take care of when using python-dotenv. This is one way of handling your requirements, but there are others such as python-decouple (https://github.com/HBNetwork/python-decouple). – Fernando Soares Jul 18 '23 at 12:46
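An added example, not posted by any of the commenters above, of the layout the comments describe: a committed `settings.py` that reads secrets from environment variables, fails at startup when one is missing, and then applies an optional git-ignored `settings_local.py`. The `DJANGO_*` variable names, the `env` and `load_settings` helpers, and the PostgreSQL engine are assumptions made for illustration.

```python
# settings.py: committed to source control, contains no secret values.
import importlib

try:
    from django.core.exceptions import ImproperlyConfigured
except ImportError:  # fallback so this example also runs without Django
    class ImproperlyConfigured(Exception):
        pass


def env(environ, name, default=None):
    """Read one variable; with no default, a missing or empty value is an error."""
    value = environ.get(name) or default
    if value is None:
        raise ImproperlyConfigured(f"Environment variable {name} is required")
    return value


def load_settings(environ, local_module="settings_local"):
    """Environment variables first, then optional git-ignored local overrides."""
    hosts = env(environ, "DJANGO_ALLOWED_HOSTS", "localhost")  # assumed names
    settings = {
        # Secrets have no default, so a misconfigured server fails at startup.
        "SECRET_KEY": env(environ, "DJANGO_SECRET_KEY"),
        "DATABASES": {"default": {
            "ENGINE": "django.db.backends.postgresql",
            "NAME": env(environ, "DJANGO_DB_NAME", "app"),
            "PASSWORD": env(environ, "DJANGO_DB_PASSWORD"),
        }},
        # Environment-specific values keep a safe default in the repository.
        "DEBUG": env(environ, "DJANGO_DEBUG", "false").lower() in {"1", "true", "yes"},
        "ALLOWED_HOSTS": [h.strip() for h in hosts.split(",") if h.strip()],
        "LOGIN_URL": env(environ, "DJANGO_LOGIN_URL", "/accounts/login/"),
    }
    try:
        local = importlib.import_module(local_module)
    except ModuleNotFoundError as exc:
        if exc.name != local_module:
            raise  # the local file exists but one of its own imports failed
        return settings
    # Only UPPER_CASE names are settings, the same rule Django applies.
    settings.update({k: v for k, v in vars(local).items() if k.isupper()})
    return settings


# A real settings.py would import os and end with:
#     globals().update(load_settings(os.environ))
if __name__ == "__main__":
    constructed = {"DJANGO_SECRET_KEY": "constructed", "DJANGO_DB_PASSWORD": "constructed"}
    print(sorted(load_settings(constructed)))
```

The secret values themselves reach the process through its environment, for instance exported by the service manager or loaded from a git-ignored `.env` file as the comments describe.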