On 2/04/2018 7:59 PM, Cictani wrote:
> Hi,
>
> You could rename your dev settings file to for example
> 'settings_dev.py' and only commit this file (add settings.py to
> .gitignore).

I wrote a tiny utility to read a file and retrieve credentials for any
purpose but especially for keeping database credentials out of the
repository.

It means I have to store the credentials files (separate file for each,
e.g. database, email etc.) in a place accessible to the web server but out
of the doc root.

The settings file only contains calls to the utility like this ...

# production.py
from .base import *

SITE_ID = 1  # prd
ALLOWED_HOSTS += ['redacted',]

# Databases # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
dbdefault = getcreds(fname='db.host', project="{0}-prd".format(PROJECT))
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': PROJECT,
        'USER': dbdefault[0],
        'PASSWORD': dbdefault[1],
        'HOST': dbdefault[2],
        'PORT': dbdefault[3],
    }
}

email_creds = getcreds(fname='smtp.host', project="{0}-prd".format(PROJECT))
EMAIL_HOST = email_creds[0]
EMAIL_PORT = email_creds[1]
EMAIL_HOST_USER = email_creds[2]
EMAIL_HOST_PASSWORD = email_creds[3]
DEFAULT_FROM_EMAIL = email_creds[4]
#EMAIL_USE_TLS = True
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
DEFAULT_CHARSET = 'utf-8'

And for local testing ...

# mike-test.py
from .local import *

SITE_ID = 3
DEBUG = True
SESSION_COOKIE_SECURE = False
CSRF_COOKIE_SECURE = False
SECURE_BROWSER_XSS_FILTER = False
SECURE_SSL_REDIRECT = False
TEMPLATES[0]['OPTIONS']['debug'] = DEBUG
TEST_RUNNER = 'django.test.runner.DiscoverRunner'
INSTALLED_APPS = DEFAULT_APPS + THIRD_PARTY_APPS + LOCAL_APPS

# # # # # # # # # # IN-MEMORY TEST DATABASE
dbdefault = getcreds(fname='db.host', project="{0}-local".format(PROJECT))
DATABASES = {
    'default': {
        "ENGINE": "django.db.backends.sqlite3",
        "NAME": ":memory:",
        "USER": "",
        "PASSWORD": "",
        "HOST": "",
        "PORT": "",
    }
}
EMAIL_BACKEND = 'django.core.mail.backends.locmem.EmailBackend'

And here is the utility ...

#getcreds.py
from __future__ import unicode_literals, absolute_import, division
import os


def getcreds(fname, project, credsroot='/var/www/creds', credsdir=None):
    """ return a list of userid and password and perhaps other data """
    # default location is <credsroot>/<project>/ unless credsdir is given
    if credsdir is None:
        credsdir = os.path.join(credsroot, project)
    creds = list()
    fname = os.path.join(credsdir, fname).replace("\\", "/")
    # one value per line; callers index the returned list by position
    with open(fname, 'r') as f:
        for line in f:
            # remove leading/trailing whitespace and append to list
            creds.append(line.strip())
    assert creds, "The list of credentials is empty"
    return creds

>
> On your Linux Server you could create a new directory in /etc
>
> like:
>
> /etc/django
>
> /etc/django/app1
> /etc/django/app2
> ...
>
> There you store your production 'settings.py'
>
> In your app directory you can create a symbolic link to these files:
>
>     ln -s /etc/django/app1/settings.py /path/to/app1/app1/
>
> You have to make sure the directory in /etc is readable by www-data or
> whatever user you run your webserver with:
>
> Now you can change the settings in the /etc directory and the settings
> are quite secure since only root will be able to change them by
> default. And you now do it the Linux way by storing all settings in /etc
>
> Since you added settings.py to .gitignore it won't get overwritten.
> You should make backups of your whole /etc directory anyways so your
> django settings also get saved.
>
> --
> You received this message because you are subscribed to the Google
> Groups "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to django-users+unsubscribe@googlegroups.com
> <mailto:django-users+unsubscribe@googlegroups.com>.
> To post to this group, send email to django-users@googlegroups.com
> <mailto:django-users@googlegroups.com>.
> Visit this group at https://groups.google.com/group/django-users.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/8f3d6ebb-9db1-455e-99e3-d337490ffab5%40googlegroups.com
> <https://groups.google.com/d/msgid/django-users/8f3d6ebb-9db1-455e-99e3-d337490ffab5%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.
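
A stricter variant of the getcreds() idea above, as an added example that is not part of the original message: it rejects path components that would escape the credentials root, refuses files accessible to other users or writable by the group, and raises an explicit error instead of relying on assert. The names load_creds and CredentialFileError are hypothetical, and Python 3 on a POSIX system is assumed.

```python
# Added example, not the poster's code; all names here are hypothetical.
import os
import stat


class CredentialFileError(Exception):
    """Raised when a credentials file is missing, unsafe or empty."""


def load_creds(fname, project, credsroot="/var/www/creds"):
    """Return the stripped lines of credsroot/project/fname as a list."""
    # Each name must be a single path component, so "../x" cannot escape.
    for part in (project, fname):
        if not part or part in (".", "..") or os.path.basename(part) != part:
            raise CredentialFileError("invalid path component: %r" % part)

    root = os.path.realpath(credsroot)
    path = os.path.realpath(os.path.join(root, project, fname))
    # realpath follows symlinks; the resolved file must still be under root.
    if os.path.commonpath([root, path]) != root:
        raise CredentialFileError("%s resolves outside %s" % (path, root))

    try:
        with open(path, "r") as f:
            mode = os.fstat(f.fileno()).st_mode
            if not stat.S_ISREG(mode):
                raise CredentialFileError("%s is not a regular file" % path)
            # Refuse files that "other" can access or the group can write.
            if mode & (stat.S_IRWXO | stat.S_IWGRP):
                raise CredentialFileError(
                    "%s has mode %o; it must not be accessible to others "
                    "or group-writable" % (path, stat.S_IMODE(mode)))
            # Keep every line, as getcreds() does, so positions do not shift.
            creds = [line.strip() for line in f]
    except OSError as exc:
        raise CredentialFileError("cannot read %s: %s" % (path, exc))

    # Explicit raise: an assert would be skipped under "python -O".
    if not any(creds):
        raise CredentialFileError("%s contains no credentials" % path)
    return creds
```

A file owned by the deploy user with group set to the web server's group and mode 0640 passes the check; the same file at 0644 is refused.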