Closed pleia2 closed 1 month ago
Hey @pleia2 I'd like to work on this issue
@duckling69 Great! Let's discuss here a proposal for how you'd like to solve this, what are your thoughts?
We can create a .env file in the root directory and add it to .gitignore. We use python-dotenv to read the password as PASSWORD = os.environ.get('DB_PASSWORD').
Good idea! Let's move forward with this solution :+1:
I was thinking of using something like a TOML file to store config variables as it has structured data storage, data types and validation and is less likely to throw an error in the future // @pleia2
In production, it's recommended to use something like our https://github.com/openmainframeproject/software-discovery-tool-deploy system which updates the production tool with every commit so that the tool automatically stays up to date.
Today it doesn't quite work because changes have to be made to src/classes/package_search.py to add the read-only MariaDB password for the web UI to query. This results in an error when running git pull to keep the rest of the code up to date.
"Edit line 14 of a script" isn't the best way to store secrets anyway :smile: so let's come up with a better way of storing this password that doesn't require editing this file. If the file stays pristine, we won't have the git pull error!
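The approach agreed on in this thread, sketched as an added example (not code from the software-discovery-tool repository): DB_PASSWORD comes from the process environment or a git-ignored .env file, so package_search.py never needs a local edit. The small parser stands in for python-dotenv; the MissingSecret class, the function names and the file-permission check are assumptions of this example.

```python
import os
import stat
from pathlib import Path


class MissingSecret(RuntimeError):
    """Raised when the database password is not configured anywhere (hypothetical name)."""


def read_env_file(path):
    """Parse KEY=VALUE lines from a .env file (stdlib stand-in for python-dotenv)."""
    values = {}
    path = Path(path)
    if not path.is_file():
        return values
    # Assumption of this example: refuse a secrets file other local users can read.
    if os.name == "posix" and path.stat().st_mode & (stat.S_IRGRP | stat.S_IROTH):
        raise PermissionError(f"{path} is readable by group/others; chmod 600 it")
    for raw in path.read_text(encoding="utf-8").splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # skip blanks, comments and malformed lines
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip("'\"")
    return values


def get_db_password(env_file=".env", environ=None):
    """Return DB_PASSWORD; a value in the process environment wins over the .env file."""
    environ = os.environ if environ is None else environ
    password = environ.get("DB_PASSWORD") or read_env_file(env_file).get("DB_PASSWORD")
    if not password:
        # Fail at startup with a clear message instead of a confusing
        # MariaDB authentication error on the first query.
        raise MissingSecret(f"DB_PASSWORD is not set in the environment or {env_file}")
    return password
```

Letting the environment take precedence means a deployment system can inject the password without any file on disk, while local checkouts keep using .env.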