Not a dumb question but frequently asked.There are two approaches - one is to export your secrets as environment vars and read them from there. The other is to keep them in disk files and read them as required.
In both cases the idea is to keep secrets out of your code and thus out of your repo.
I prefer the latter approach. Cheers Mike -------- Original message -------- From: john fabiani <jo...@jfcomputer.com> Date: 27/10/22 02:09 (GMT+10:00) To: django-users@googlegroups.com Subject: secret api keys Hi, Maybe a dumb question but if I add secret keys in my settings.py file (or should it be placed) will they be protected from the front end side (the part that is displayed to the user of the website). For example I have a secret key to access Authorize Net. Will it be protected from someone opening the website and using chrome to see the source? Johnf --You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/eeb82d0a-f18d-c253-a613-24c685307f41%40jfcomputer.com.
-- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/6068b999-3cca-f4e3-cb58-493e08800187%40dewhirst.com.au.
OpenPGP_signature
Description: OpenPGP digital signature
