Thursday, October 29, 2020

Re: Django Sending Mail

Hi Samiddha,

On 29/10/2020 17.08, Samiddha সমিদ্ধ wrote:
> I want to include an email service in my project. But for that I need to
> provide my email password to django in EMAIL_HOST_PASSWORD
> <>.
> I want to know that secure to provide email password. When I deploy the
> project with a host, then is there are any risk of theft my password;
> how do I encrypt my password in django

You can't really avoid making some secrets available on your production
system. I personally use django-configurations:

and set my secrets as environment variables in my systemd service file
for gunicorn. That is mostly for convenience. You definitely shouldn't
store your secrets in the file you keep in revision control,
but using environment variables doesn't make them any less accessible to
your hosting provider.

I don't think there's any way to avoid having to trust your hosting
provider, but you can try to ensure the secrets are only known to you
and your hosting provider.

If you don't want to use django-configurations, a more "traditional"
approach is described here:

It doesn't make much sense to encrypt your password, since you still
need to provide the secret to decrypt it when it needs to be used and
then you're back to square one. You might be able to store a private key
in some secure storage from your hosting provider that ensures the
private key can never be retrieved and only used for decrypting your
password, but I don't really think it's worth the effort, especially
considering you still have to trust your hosting provider.

Hope that makes some sense.

Kind regards,

Kasper Laudrup

You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To view this discussion on the web visit

No comments:

Post a Comment