--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/4b09223d-d58f-4fda-b3f7-64b230960d94%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Hi,
Environment variables are the best option for not embedding sensitive information in files which have chances to be stored in places such as external source repositories (GitHub et al.).
If you are working with orchestrators such as Kubernetes, you can use the "secrets", which are specialized shared configuration data, stored in encrypted form. As shared configuration data, they bring the extra benefit over env vars of being manageable from a single central place, and then distributed to all the replicas and services which need them.
Best regards
Eric
Environment variables are the best option for not embedding sensitive information in files
However some people (me that is :-) think that environment variables, though widely used, are an ugly hack for this problem.
I explain the way I do it (TLDR; production settings must be stored in a different "deployment" repository, preferably with any secrets encrypted) in https://www.crowdcast.io/e/deploying-django, from 38m10s to 46m30s.
Regards,
Antonis
Antonis Christofides http://djangodeployment.com
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/DB7P193MB0331039E86ABAEFF1B794D898CA10%40DB7P193MB0331.EURP193.PROD.OUTLOOK.COM.
Env vars are considered bad in contexts where everything runs in the same... environment. And I too have considered them as hacks or as options to avoid by all means.
But times are changing, and nowadays there is a move towards containerized apps, even outside the cloud context. And we are no more now in the traditional initial hype phase, which means that the approach
has proven its benefits (and also its constraints and maybe weaknesses). As an example of a real life work project, I've deployed a docker compose stack on RaspberryPi's for running an instrumentation system, to avoid having to install each and every component
and manage the possible conflicts or interferences between them. It works 24/7 for months now without any hiccup. Containers really shine for relieving you from DLLs/shared libs/packages/... hell.
That being said, in such an architecture, each container is an isolated environment, and thus you can use env vars without fearing that someone else could tampered with them.
So perhaps the time is coming for considering env vars are no more the evil :) It depends on when and how you use them.
Best
Eric
DEBUG is enabled, and there is a 500 server internal error, and the default 500 template is used to render the response,
all of your secret information is shown in the browser output
You're perfectly right about the "500 Error + DEBUG" case.
One solution is to set DEBUG to off by default, and turn it on by code in the setting module if detecting that the app is executing in a dev or Q&A environment. Depending on your context, this can be done with rules
based on the host name or some other properties of the target systems.
Best
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/DB7P193MB03311541D366207EF76069C28CA10%40DB7P193MB0331.EURP193.PROD.OUTLOOK.COM.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/f5a1498a-3383-4219-b10e-e3e64f164658%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/DB7P193MB03311541D366207EF76069C28CA10%40DB7P193MB0331.EURP193.PROD.OUTLOOK.COM.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CA%2BSr5mTee6UdLUqXUnr8Pz1HNp5YTL%2BMME3-gjp_Mc-Q2CNJNQ%40mail.gmail.com.
How is github "security" going to help you keep your passwords safe
IMHO, it does not.
As you wrote, env vars configured on the target system (be it a bare server or a Dockerized environment in the cloud) seem to be safer on this point since not stored anywhere but on the target.
Eric
ln -s /etc/django/app1/settings.py /path/to/app1/app1/
git checkout DEBUG_branch
eb use PRODUCTION_environment
eb deploy
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/5e34a2a5-e226-4688-9d53-d5151bb741be%40googlegroups.com.