Hi Fenrir, On 12/8/20 7:28 AM, Fenrir Sivar wrote:
I inherited a django app that calls private APIs in a view to fetch some data. The credentials or api keys are currently hardcoded in the source, making it difficult to share. What is the preferred way to store these kind of keys in a secure way only accessible to the django server?
I don't know if it's the preferred way, but one way is to read them from environment variables, that's what I do at least.
In production I set them in the .service file I use to launch gunicorn overriding the defaults that will be used for development/test.
Let me know if you need some details on how I've done that, but maybe someone else has some better ideas.
Kind regards, Kasper Laudrup -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/370473b7-7952-d75a-2a33-08bf65fab1fd%40stacktrace.dk.
