Wednesday, October 26, 2022

secret api keys

Not a dumb question but frequently asked.

There are two approaches - one is to export your secrets as environment vars and read them from there. The other is to keep them in disk files and read them as required. 

In both cases the idea is to keep secrets out of your code and thus out of your repo.

I prefer the latter approach. 



-------- Original message --------
From: john fabiani <>
Date: 27/10/22 02:09 (GMT+10:00)
Subject: secret api keys


Maybe a dumb question but if I add secret keys in my file
(or should it be placed) will they be protected from the front end side
(the part that is displayed to the user of the website).

For example I have a secret key to access Authorize Net.  Will it be
protected from someone opening the website and using chrome to see the


You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To view this discussion on the web visit

No comments:

Post a Comment