How to hide the password of postgresql in settings.py

[Sandip Nath]

I am a newbie to Django. Using Postgresql for CRUD operations. Although its working but I need to write the password of my Postgresql server in the settings.py. How can I hide that without hampering the operation?

[Bill Freeman]

You should be keeping settings.py secure.  There's other stuff that shouldn't be public. That's why the django project directories are not included in the pages that the front end web server is allowed to serve, among other things.  Security is tough.  There's no magic answer.

On Fri, Nov 30, 2018 at 12:51 PM Sandip Nath <techs...@gmail.com> wrote:

I am a newbie to Django. Using Postgresql for CRUD operations. Although its working but I need to write the password of my Postgresql server in the settings.py. How can I hide that without hampering the operation?

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/ea8bc539-a3be-44b4-af2f-e1b7f11d1539%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ljh.h...@gmail.com]

I typically create a second file which stores my sensitive data and import it as a variable.

Then can exclude say.. credentials.py when sharing code.

I don't know that this is an ideal solution, just something that I've taken as habit.

[Carsten Fuchs]

Am 30.11.18 um 18:50 schrieb Sandip Nath:

> I am a newbie to Django. Using Postgresql for CRUD operations. Although its
> working but I need to write the password of my Postgresql server in the
> settings.py. How can I hide that without hampering the operation?
>

In your settings.py, you could write something like:


from my_site import localconfig

DEBUG = localconfig.DEBUG
SECRET_KEY = localconfig.SECRET_KEY

# Rest of normal settings.py file
# ...


and in a minmal my_site/localconfig.py file:


DEBUG = True
SECRET_KEY = '...'


For completeness, be aware that some people consider local config files an anti
pattern. Personally, I've never found the arguments convincing, but use at your
own discretion.

Best regards,
Carsten

[vineeth sagar]

Use this

https://github.com/jpadilla/django-dotenv/blob/master/README.rst

If you have copied the GitHub template of .gitignore then the .env won't be in your history of vs. I used this in production and development without a single problem.

--
You received this message because you are subscribed to the Google Groups "Django users" group.

To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.

To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.

To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/ddc528e3-12c1-6ba4-0f5b-1be7dad54acd%40cafu.de.