SpaceyaTech / mastori

Mastori is a community-driven open-source project that aims to provide a simple and efficient blogging platform built for the Dev Community
https://www.spaceyatech.com/
22 stars 54 forks

Django secrets #65

Closed JimmyTron closed 1 year ago

JimmyTron commented 1 year ago

Having all secrets saved in a .env file. These should include the database username and password and any other key that isn't supposed to be visible.

> Can this be put in an env file instead of in code?
>
> _Originally posted by @nyandika in https://github.com/SpaceyaTech/Team-Rio-Django/pull/48#discussion_r1030619058_

sangkips commented 1 year ago

Yes, we can do a .env.sample file because we are not using a dockerized environment, so that if I want to use the credentials you have set then I will only copy them. The .env file will not be pushed to GitHub; that's why I am saying we use a .env.sample file.

OyugoObonyo commented 1 year ago

We could as well have the .env file and share it among ourselves in our WhatsApp so that we can all have a copy locally. Then add the fields in the .env file as GitHub secrets in case we intend to use them for image builds or running CI/CD pipelines.

JimmyTron commented 1 year ago

> We could as well have the .env file and share it among ourselves in our WhatsApp so that we can all have a copy locally. Then add the fields in the .env file as GitHub secrets in case we intend to use them for image builds or running CI/CD pipelines.

👍👍 Have also been pondering on how to share the .env files since in some instances we had to all create our own and some stuff was not actually working. But this also doesn't mean we must all use the same credentials; whoever could use their own custom set.

OyugoObonyo commented 1 year ago

People can maintain different values for their environment variables of course. But the environment variable names have to be the same of course. Case in point, you can set the value of the DATABASE_PASSWORD variable as "password123". But you shouldn't be changing the environment variable name in the shared template to MY_DATABASE_PASSWORD.

OyugoObonyo commented 1 year ago

@JimmyTron what are we settling at as the final approach for this issue?

JimmyTron commented 1 year ago

For myself I would be comfortable using the django-dotenv to store the env variables.

[Image: IMG-20221209-WA0019]

It should look something like this ☝️

OyugoObonyo commented 1 year ago

This looks okay. I hope you put DEBUG there as an example though and don't intend to save it as an environmental variable.

JimmyTron commented 1 year ago

I intend to have it there since in some instances we wouldn't want to turn it on or off depending on circumstances. What's your take?

Collins-Omariba commented 1 year ago

We can include a .env-sample file with only the environment variable names.

raykipkorir commented 1 year ago

I suggest we use python-decouple to hide our environment variables, i.e. DEBUG, DATABASE_URL and SECRET_KEY.

From the docs 👇

It also makes it easy for you to:

  1. store parameters in ini or .env files;
  2. define comprehensive default values;
  3. properly convert values to the correct data type;
  4. have only one configuration module to rule all your instances.

.env should look like this:

Screenshot 2023-02-06 115046

What do you guys think?
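
As an added example (not code from this thread, the project, or python-decouple), here is a standard-library sketch of the points raised above: a committed template that holds names only, a check that a local .env keeps the same variable names, and a strict boolean cast for DEBUG. The file contents and the helper names `parse_env`, `check_env` and `to_bool` are assumptions constructed for illustration.

```python
ENV_SAMPLE = """\
# .env.sample (committed to git): variable names only, no values
DEBUG=
SECRET_KEY=
DATABASE_URL=
"""

ENV_LOCAL = """\
# .env (git-ignored): constructed sample of one developer's local values
DEBUG=False
SECRET_KEY=constructed-placeholder-not-a-real-key
MY_DATABASE_URL=postgres://user:pass@localhost:5432/mastori
"""

TRUE, FALSE = {"1", "true", "yes", "on"}, {"0", "false", "no", "off"}


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    pairs = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        pairs[key.strip()] = value.strip().strip("'\"")
    return pairs


def check_env(sample_text, local_text):
    """Return problems: values left in the template, or variable-name drift."""
    sample, local = parse_env(sample_text), parse_env(local_text)
    problems = [f"template has a value for {k}" for k, v in sample.items() if v]
    problems += [f"missing in .env: {k}" for k in sample if k not in local]
    problems += [f"not in template: {k}" for k in local if k not in sample]
    return problems


def to_bool(value):
    """Strict cast: bool("False") is True in Python, so compare strings."""
    v = value.strip().lower()
    if v not in TRUE | FALSE:
        raise ValueError(f"not a boolean: {value!r}")
    return v in TRUE


if __name__ == "__main__":
    print(check_env(ENV_SAMPLE, ENV_LOCAL))
    print("DEBUG =", to_bool(parse_env(ENV_LOCAL)["DEBUG"]))
```

Run as a pre-commit or CI step, `check_env` catches both a secret pasted into the committed template and a renamed variable such as `MY_DATABASE_URL`.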