On Fri, Sep 16, 2011 at 8:54 PM, Tim Chase
<django.us...@tim.thechases.com> wrote:
> Just returning to some Django work after a time away, I (re)started an old
> project in 1.3 and hit an early issue. I'd like to keep my settings.py
> under revision-control that is somewhat publicly accessible, but don't want
> my SECRET_KEY exposed. The solution I've opted for is the following excerpt
> of my settings.py on which I'm hoping for feedback:
>
> SECRET_FILE = "secret.txt"
> if os.path.exists(SECRET_FILE):
> SECRET_KEY = file(SECRET_FILE).read()
> else:
> from random import choice
> SECRET_KEY = ''.join([
> choice(
> 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)'
> ) for i in range(50)])
> f = file(SECRET_FILE, 'w')
> f.write(SECRET_KEY)
> f.close()
>
> (key generation ripped directly from
> core/management/commands/startproject.py )
>
> As best I can tell, this should allow me to place secret.txt on machines I
> control, while allowing others to freely download the code and deploy on
> their end with minimal trouble.
>
> Any input would be greatly appreciated,
>
> -tkc
settings.py/
|- __init__.py
|- base.py
|- development.py
|- production.py
|- secret.py # <== not in version control
then in __init__.py:
from base import *
from secret import *
if DEBUG:
from development import *
else:
from production import *
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
