From a security perspective, there are a couple of things that I would recommend with the app in production (and whilst this is less important given the database is purely used to read from, it is worth doing):

- Currently the Django SECRET_KEY is present in plain text in the repository
- The Django user details are available as plain text in the docker-compose.yml

To avoid this the following steps can be taken:

- docker-compose.yml allows for environment variables to be specified in a .env file in the base project folder
- You can use the python-decouple package to do something similar in the Django settings file, where a .env file is specified in the backend directory and the settings specified there are imported using decouple like this:
- The .env file is not version controlled but shared privately for deployment.
- You can use the same .env file for docker-compose.yml and python-decouple (it would have to live in backend); you would just need to specify the location of the .env file to docker-compose like this: $ docker-compose --env-file backend/.env up -d
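A pre-deployment check for the two issues listed above, as an added example that is not code from the project: it flags a literal SECRET_KEY in settings.py, literal credentials in docker-compose.yml, and a .gitignore that does not exclude the .env file. The variable names DJANGO_SUPERUSER_USERNAME and DJANGO_SUPERUSER_PASSWORD, the service name and all sample file contents are constructed assumptions.

```python
import re

# A settings.py line that assigns SECRET_KEY a string literal.
HARDCODED_KEY = re.compile(r"""^[ \t]*SECRET_KEY[ \t]*=[ \t]*[rbuRBU]?['"]""", re.M)
# A compose "environment:" entry (map or list form) with a credential-like name.
COMPOSE_CRED = re.compile(
    r"^[ \t]*(?:-[ \t]*)?([A-Z0-9_]*(?:PASSWORD|SECRET|USER|KEY)[A-Z0-9_]*)"
    r"[ \t]*[:=][ \t]*(.*)$", re.M)
# .gitignore patterns that keep backend/.env out of version control.
ENV_IGNORES = {".env", "*.env", "**/.env", "backend/.env", "/backend/.env"}

def literal_compose_credentials(compose_text):
    """Names whose value is written out instead of substituted as ${VAR}."""
    found = []
    for name, value in COMPOSE_CRED.findall(compose_text):
        value = value.strip().strip("\"'")
        if value and not value.startswith("${"):
            found.append(name)
    return found

def audit(settings_text, compose_text, gitignore_text):
    """Return a list of findings; an empty list means the layout passes."""
    findings = []
    if HARDCODED_KEY.search(settings_text):
        findings.append("settings.py: SECRET_KEY is a string literal")
    for name in literal_compose_credentials(compose_text):
        findings.append(f"docker-compose.yml: {name} has a literal value")
    ignored = {line.strip() for line in gitignore_text.splitlines()}
    if not ignored & ENV_IGNORES:
        findings.append(".gitignore: backend/.env is not ignored")
    return findings

# Constructed sample inputs (assumptions, not taken from the repository).
SETTINGS_BEFORE = 'SECRET_KEY = "constructed-insecure-key"\n'
SETTINGS_AFTER = 'from decouple import config\nSECRET_KEY = config("SECRET_KEY")\n'
COMPOSE_BEFORE = """services:
  backend:
    environment:
      DJANGO_SUPERUSER_USERNAME: admin
      DJANGO_SUPERUSER_PASSWORD: constructed-password
"""
COMPOSE_AFTER = """services:
  backend:
    environment:
      DJANGO_SUPERUSER_USERNAME: ${DJANGO_SUPERUSER_USERNAME}
      DJANGO_SUPERUSER_PASSWORD: ${DJANGO_SUPERUSER_PASSWORD}
"""
if __name__ == "__main__":
    print(audit(SETTINGS_BEFORE, COMPOSE_BEFORE, ""))
    print(audit(SETTINGS_AFTER, COMPOSE_AFTER, ".env\n"))
```

The check is textual and only covers the patterns shown; secrets already committed remain in the repository history and should be rotated.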