Open ottonomy opened 10 years ago
Huh! This is a bit of a conundrum for me. To be 12-factor-y, the SECRET_KEY should be set via environment variables or something. And it's probably best not to let the server really run without a secure SECRET_KEY. But, it's a pain in the butt not to be able to use the normal manage.py commands without foreman setting the environment.
Maybe:
    SECRET_KEY = env('SESSION_SECRET_KEY', 'insecure-default')
    if SECRET_KEY == 'insecure-default':
        if DEBUG:
            logging.warning('Using a default secret key because in debug mode and SESSION_SECRET_KEY not set')
        else:
            raise ImproperlyConfigured('In a production setting, you MUST set the SESSION_SECRET_KEY environment variable.')
Does that look like a good compromise?
Warning the developer but still letting you get the work done sounds good to me. I'm not too familiar, but would this approach create the same problem when trying to configure the production environment?
Hmm, yeah, it probably would. And actually, DEBUG is set in the environment too, so my idea is not as useful after all. Maybe everything just needs to be run with foreman.
Upon setting up a new virtualenv and following the installation instructions, the command
    python manage.py syncdb
fails with an error:
    django.core.exceptions.ImproperlyConfigured: The SECRET_KEY setting must not be empty.
I made a quick tweak to the code in settings.py to have a default value when calling env():
    env('SECRET_SESSION_KEY','something')
and that let me get past that step.
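An added example, not code from this project or from anyone in the thread: one way to handle the circular dependency raised above, where DEBUG also comes from the environment, is to read DEBUG fail-closed so that an empty environment is treated as production and refused. It also swaps the fixed fallback string for a random per-process key in debug mode. The names `env_flag`, `resolve_secret_key`, `TRUTHY` and `PLACEHOLDERS` and the local `ImproperlyConfigured` stand-in are assumptions made for illustration; the variable name SESSION_SECRET_KEY follows the snippet in the comment above.

```python
import logging
import secrets


class ImproperlyConfigured(Exception):
    """Local stand-in for django.core.exceptions.ImproperlyConfigured."""


# Hypothetical helper names; only DEBUG and SESSION_SECRET_KEY come from the thread.
TRUTHY = {"1", "true", "yes", "on"}
# Placeholder values that appear in this thread; never acceptable as a real key.
PLACEHOLDERS = {"insecure-default", "something"}


def env_flag(environ, name):
    """Fail closed: unset or unrecognised values count as False."""
    return environ.get(name, "").strip().lower() in TRUTHY


def resolve_secret_key(environ):
    """Return (secret_key, debug) from a mapping such as os.environ."""
    debug = env_flag(environ, "DEBUG")
    key = environ.get("SESSION_SECRET_KEY", "")
    if key and key not in PLACEHOLDERS:
        return key, debug
    if not debug:
        raise ImproperlyConfigured(
            "SESSION_SECRET_KEY is unset or a placeholder and DEBUG is not enabled."
        )
    # Debug only: a random per-process key instead of a fixed string, so no
    # guessable key exists anywhere. Sessions are invalidated on each restart.
    logging.warning("DEBUG is on and SESSION_SECRET_KEY is not usable; using an ephemeral key")
    return secrets.token_urlsafe(48), debug


if __name__ == "__main__":
    # Constructed environments, not taken from the project.
    for sample in ({}, {"DEBUG": "1"}, {"SESSION_SECRET_KEY": "k" * 50}):
        try:
            key, debug = resolve_secret_key(sample)
            print(sample, "->", "debug" if debug else "production", len(key))
        except ImproperlyConfigured as exc:
            print(sample, "->", "refused:", exc)
```

With this shape a developer running manage.py without foreman only has to export DEBUG=1, while a deployment that forgets both variables stops at startup instead of running with a known key.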