Hi there, I'm following the guidelines by making sure the environment variables are stored outside of the settings.py files.
-- The project is "dockerised" and so the environment variables have been stored in files docker-compose.yml and docker-compose-prod.yml.
This includes things like the project's secret key, API keys, and database passwords.
My question is:
• Just because environment variables are stored in .yml files, won't they be equally insecure the moment I commit the project folder to a git repo (and especially if I push that repo to GitHub)?
e.g. the Secret Key will forevermore be stored in the git repo (in earlier versions, even if I later move it to another file in subsequent commits).
Is there an even more secure way of storing environment variables? Or am I overthinking it (as I'm the only developer and the GitHub repo is set to Private)?
Many thanks in advance for your help.
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/887bcd5b-4525-4a54-a4e5-5eae32b20041%40googlegroups.com.
No comments:
Post a Comment