Safe way to set keys, such as Stripe keys, in settings?

[Bill Talcott]

Hello. This should be simple, but... I haven't found a good answer.

I have the following setting in config.settings.base.py:

STRIPE_TEST_PUBLIC_KEY = os.environ.get("STRIPE_TEST_PUBLIC_KEY", "<secret-key-here>")

It works, but am I right to worry about exposing a secret key for payments in base.py? 

I've tried to put the key in my .env file. For example, I've tried:

STRIPE_TEST_PUBLIC_KEY = env("STRIPE_TEST_PUBLIC_KEY")

with the key saved in a .env file, but I get 'ImproperlyConfigured: Set the STRIPE_WEBHOOK environment variable.'

I'm using django 2.2 on Heroku, a build from cookiecutter-django, which uses django-environ to help handle settings. 

Any suggestions?

[Mohamed A]

In heroku online platform add STRIPE_TEST_PUBLIC_KEY as environment variable. Then, STRIPE_TEST_PUBLIC_KEY = os.environ.get("STRIPE_TEST_PUBLIC_KEY") 

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/961a84d3-fa36-47fb-ad28-f518e43e0179%40googlegroups.com.

[Bill Talcott]

Yes, that's it. Thank you, Mohamed!