The SECRET_KEY setting must not be empty - os.environ.get('SECRET_KEY')


Valdinia - Office

Feb 27, 2022, 3:19:11 PM
to Django users
On W10 I defined an environment variable: SECRET_KEY
In shell I can read the key:

>>> import os
>>> os.environ.get('SECRET_KEY')
'mysecretkey...'

But when I'm doing the same thing in settings.py I get:

\lib\site-packages\django\conf\__init__.py", line 90, in __getattr__
    raise ImproperlyConfigured("The SECRET_KEY setting must not be empty.")
django.core.exceptions.ImproperlyConfigured: The SECRET_KEY setting must not be empty.

I found all sorts of solutions, but none works for my app. What should I do?

Thank you!


Madhusudhan Reddy

Feb 27, 2022, 8:19:14 PM
to django...@googlegroups.com
Secret key will be in settings.py file and you have to import that and use…

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/4afcfd9b-da0f-472e-b5d7-6339088bc4f6n%40googlegroups.com.

Abeer Eltanawy

Feb 28, 2022, 7:40:16 AM
to django...@googlegroups.com
The way I do it is to add any env variables in a .env file in the same directory level as settings.py and then use decouple.config to extract the value from the file like this:

from decouple import config  # python-decouple reads the .env file

SECRET_KEY = config("DJANGO_SECRET_KEY")

Dev femibadmus

Mar 1, 2022, 5:03:36 PM
to django...@googlegroups.com
Did you create the variable SECRET_KEY? If not, copy your secret key, e.g. "hdFgBv&$...", and create the variable SECRET_KEY in your env, which could be or is your hosting platform, and give it your secret key as the value.

Mike Dewhirst

Mar 1, 2022, 10:26:07 PM
to django...@googlegroups.com, Dev femibadmus
On 2/03/2022 9:00 am, Dev femibadmus wrote:
> Did you create the variable SECRET_KEY? If not, copy your secret key, e.g. "hdFgBv&$...", and create the variable SECRET_KEY in your env, which could be or is your hosting platform, and give it your secret key as the value.
>
> On Sun, Feb 27, 2022, 21:19 Valdinia - Office <off...@valdinia.com> wrote:
>> On W10 I defined an environment variable: SECRET_KEY
>> In shell I can read the key:
>>
>> >>> import os
>> >>> os.environ.get('SECRET_KEY')
>> 'mysecretkey...'
>>
>> But when I'm doing the same thing in settings.py I get:
>>
>> \lib\site-packages\django\conf\__init__.py", line 90, in __getattr__
>>     raise ImproperlyConfigured("The SECRET_KEY setting must not be empty.")
>> django.core.exceptions.ImproperlyConfigured: The SECRET_KEY setting must not be empty.
>>
>> I found all sorts of solutions, but none works for my app. What should I do?

SECRET_KEY belongs in settings.py as a string

Therefore, if you wish to avoid putting it in there directly (as we all do) you must call a function which returns a string.

SECRET_KEY = get_secret_key()

... where you write get_secret_key() to pull it from the environment or a file somewhere which is not in your repository.

In my case, I wrote get_creds() as a general-purpose retriever of credentials and other bits and pieces which don't belong in the repository and/or change between servers, e.g. staging vs production vs development etc. I keep those credentials in separate files in a standard location on every server.

That is only suitable for servers I control.

Cheers

Mike







-- 
Signed email is an absolute defence against phishing. This email has
been signed with my private key. If you import my public key you can
automatically decrypt my signature and be sure it came from me. Just
ask and I'll send it to you. Your email software can handle signing.
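
A sketch of the get_secret_key() helper described in the message above, as an added example that is not Mike's code or part of the original thread: it reads the key from the environment, falls back to a file outside the repository, and fails with a specific error instead of handing Django an empty value. The MissingSecret class and the env, env_name and key_file parameters are assumptions of this example.

```python
import os
import stat
from pathlib import Path


class MissingSecret(RuntimeError):
    """Hypothetical error type; in settings.py you could raise ImproperlyConfigured."""


def get_secret_key(env=None, env_name="SECRET_KEY", key_file=None):
    """Return the key from the environment, else from a file kept outside the repo.

    env, env_name and key_file are parameters invented for this example.
    """
    env = os.environ if env is None else env
    # os.environ.get() yields None when the variable is not visible to *this*
    # process, and "" when it is set but empty; treat both as "not configured".
    value = (env.get(env_name) or "").strip()
    if value:
        return value

    if key_file is not None and Path(key_file).is_file():
        path = Path(key_file)
        # On POSIX, refuse a key file that group or other users can access.
        if os.name == "posix" and path.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise MissingSecret(f"{path} is accessible to other users; restrict it to 0600")
        value = path.read_text(encoding="utf-8").strip()
        if value:
            return value

    # Fail here, naming what was looked for, rather than later inside Django.
    raise MissingSecret(f"{env_name} not found in the environment or in {key_file!r}")
```

In settings.py this would be called as SECRET_KEY = get_secret_key(key_file=...), with the file path pointing at a location that is not under version control.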

Adeyemi Deji

Mar 1, 2022, 10:46:34 PM
to django...@googlegroups.com, Dev femibadmus
I also get this error anytime I deploy. It works in development mode. I suspect the error comes from adding .env to .gitignore, so it doesn't show up on GitHub and Heroku doesn't have access to the .env file. Please, how do I sort this out?

Thanks in advance for your help

Adeyemi Deji

Mar 1, 2022, 10:52:46 PM
to django...@googlegroups.com, Dev femibadmus
I used the dotenv module, installed with pip.

Carsten Fuchs

Mar 2, 2022, 1:50:50 AM
to django...@googlegroups.com
On 02.03.22 at 04:23, Mike Dewhirst wrote:
> ... where you write get_secret_key() to pull it from the environment or a file somewhere which is not in your repository.

A variant of this that I like is to have a file like localconfig.example in the repository next to settings.py that contains e.g.
DATABASES = ... # dummy or default config
SECRET_KEY = 'example'

On installation, the file is then copied to localconfig.py, where it is *ignored* by svn, git, etc. The file is then customized for production, development, …

In settings.py, there is

from project_dir import localconfig
# ...
DEBUG = localconfig.DEBUG
SECRET_KEY = localconfig.SECRET_KEY
DATABASES = localconfig.DATABASES
# ...

This works very well and is simple, safe and convenient.

Best regards,
Carsten

Adeyemi Deji

Mar 2, 2022, 10:47:07 PM
to django...@googlegroups.com
Thanks Carsten, it's also a great method.
What do you mean by "on installation" in "On installation, the file is then copied to localconfig.py, where it is *ignored* by svn, git, etc. The file is then customized for production, development, …"?

Do you mean during deployment?


Carsten Fuchs

Mar 3, 2022, 1:42:16 AM
to django...@googlegroups.com
On 03.03.22 at 04:43, Adeyemi Deji wrote:
> What do you mean by "on installation" in "On installation, the file is then copied to localconfig.py, where it is *ignored* by svn, git, etc. The file is then customized for production, development, …"?
>
> Do you mean during deployment?

During development, you create two files:

localconfig.example
This file contains only example data, comments/instructions and *irrelevant* data, such as *fake* secret keys, fake database passwords, etc. This file is committed to the repository. Its *only* purpose is to serve as an example and be copied to filename localconfig.py later.

localconfig.py
Created from a copy of localconfig.example. During development you must make sure that this file is never committed to your repository. This is achieved by telling the repository to ignore it, e.g. Git by editing the .gitignore file appropriately, Subversion with the svn:ignore property. Still during development, you customize the file as needed for development, i.e. insert the required database details, DEBUG = True, etc.

For deployment, when you first clone the repository on the production server, it will come with the localconfig.example file, but not with the localconfig.py file, as intended. As part of the installation, you copy localconfig.example to localconfig.py and customize it for production (production database, etc.). Done.

Variants of this approach are possible, e.g. keeping the localconfig.py file entirely outside of the project directory, where it is in even less danger of being accidentally committed. Or storing the values not in a py, but in a json, ini, txt, ... file that is loaded and parsed in settings.py.

Best regards,
Carsten
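
The JSON variant mentioned at the end of the message above, as an added example that is not Carsten's code: settings.py loads a config file kept outside the project directory and refuses to start if it is missing or still carries the fake SECRET_KEY from the committed example. The names load_localconfig, BadLocalConfig, MIN_KEY_LENGTH, the file paths and the JSON layout are assumptions of this example.

```python
import json
from pathlib import Path

MIN_KEY_LENGTH = 50  # threshold chosen for this example


class BadLocalConfig(RuntimeError):
    """Hypothetical error type for this example."""


def load_localconfig(local_path, example_path):
    """Load the uncommitted JSON config and compare it with the committed example."""
    local_path, example_path = Path(local_path), Path(example_path)
    if not local_path.is_file():
        raise BadLocalConfig(
            f"{local_path} not found: copy {example_path.name} there and customize it"
        )
    example = json.loads(example_path.read_text(encoding="utf-8"))
    local = json.loads(local_path.read_text(encoding="utf-8"))

    # Every setting documented in the example must be present locally.
    missing = sorted((set(example) | {"SECRET_KEY"}) - set(local))
    if missing:
        raise BadLocalConfig(f"{local_path} lacks settings: {missing}")

    key = local["SECRET_KEY"]
    # The example's key is public (it is in the repository), so it is not a secret.
    if key == example.get("SECRET_KEY"):
        raise BadLocalConfig("SECRET_KEY is still the fake value from the example file")
    if not isinstance(key, str) or len(key) < MIN_KEY_LENGTH:
        raise BadLocalConfig(
            f"SECRET_KEY must be a string of at least {MIN_KEY_LENGTH} characters"
        )
    return local


# In settings.py (paths are placeholders):
#   cfg = load_localconfig("/etc/myproject/localconfig.json",
#                          BASE_DIR / "localconfig.example.json")
#   SECRET_KEY, DEBUG, DATABASES = cfg["SECRET_KEY"], cfg["DEBUG"], cfg["DATABASES"]
```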

Adeyemi Deji

Mar 3, 2022, 3:52:11 AM
to django...@googlegroups.com
Thank you so much. Really useful information I never knew existed. Really appreciate it.


