search

tgs / webhook-project-site

A Django 'project' for developing django-badgekit-webhooks
MIT License
1 stars 1 forks source link

SECRET_KEY error on install #1

Open ottonomy opened 10 years ago

ottonomy commented 10 years ago

Upon setting up a new virtualenv and following the installation instructions, the command python manage.py syncdb fails with an error django.core.exceptions.ImproperlyConfigured: The SECRET_KEY setting must not be empty.

I made a quick tweak to the code in settings.py to have a default value when calling env(): env('SECRET_SESSION_KEY','something'), and that let me past that step.

tgs commented 10 years ago

Huh! This is a bit of a conundrum for me. To be 12-factor-y, the SECRET_KEY should be set via environment variables or something. And it's probably best not to let the server really run without a secure SECRET_KEY. But, it's a pain in the butt not to be able to use the normal manage.py commands without foreman setting the environment.

Maybe:

SECRET_KEY = env('SESSION_SECRET_KEY', 'insecure-default')
if SECRET_KEY == 'insecure-default':
  if DEBUG:
    logging.warning('Using a default secret key because in debug mode and SESSION_SECRET_KEY not set')
  else:
    raise ImproperlyConfigured('In a production setting, you MUST set the SESSION_SECRET_KEY environment variable.')

Does that look like a good compromise?

ottonomy commented 10 years ago

Warning the developer but still letting you get the work done sounds good to me. I'm not too familiar, but would this approach create the same problem when trying to configure the production environment?

tgs commented 10 years ago

Hmm, yeah, it probably would. And actually, DEBUG is set in the environment too, so my idea is not as useful after all. Maybe everything just needs to be run with foreman.