
I have read that it is not secure to store the SECRET_KEY in settings.py as its default. So, I decided to store it in my __init__.py.
I wrote in __init__.py which is beside settings.py:

export SECRET_KEY= 'hf7^vrmc!^agnpba#^+$9ac-@eullgd-=ckq&u1zu$b7nqc)%_'

This is the only line in my __init__.py. Then in settings.py I changed the line

SECRET_KEY = 'hf7^vrmc!^agnpba#^+$9ac-@eullgd-=ckq&u1zu$b7nqc)%_'

into

SECRET_KEY = get_env_variable('SECRET_KEY')

but when I try to runserver, I receive a syntax error as below:

…
__init__.py", line 1
    export SECRET_KEY= 'hf7^vrmc!^agnpba#^+$9ac-@eullgd-=ckq&u1zu$b7nqc)%_'
                    ^
SyntaxError: invalid syntax

What’s wrong here?
Thank you in advance.


I have edited my code as below with the help of the comments here, but still no success:

I have
SECRET_KEY = os.environ.get('SECRET_KEY') in settings.py, and export SECRET_KEY='hf7^vrmc!^agnpba#^+$9ac-@eullgd-=ckq&u1zu$b7nqc)%_' in .bash_profile. These give me the error of

  3.7/lib/python3.7/site-packages/django/conf/__init__.py", line 126, in init
    raise ImproperlyConfigured("The SECRET_KEY setting must not be empty.")
django.core.exceptions.ImproperlyConfigured: The SECRET_KEY setting must not be empty

When I copy the file .bash_profile from the home/mydirectory and paste it beside manage.py of the project, there is no error in the result of writing python manage.py runserver in terminal. (The above error was in terminal with exactly this command).
But when I startproject from cPanel and test my website in the browser, I receive the error of There is something wrong and my website does not work.
I guess something like this happens: when I press startproject from cPanel, it starts from the outer root, so it sees that I have two instances of .bash_profile. However, when I go to the project root from the terminal and write python manage.py runserver, it just sees that specific .bash_profile inside the project folder. Is it correct? If so, how can I solve my problem to have a secure SECRET_KEY with an available website?

If I delete the inner .bash_profile and change BASE_DIR to BASE_DIR = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))) (as here link), I will have no error in terminal by python manage.py runserver. It results:

System check identified no issues (0 silenced).
April 24, 2020 - 21:04:33
Django version 2.1, using settings 'myprojectt.settings'
Starting development server at http://127.0.0.1:8000/
Quit the server with CONTROL-C.

and it won’t give the error of SECRET_KEY can’t be empty. But when I press startproject from cPanel and go to my domain from the browser, I receive

`We're sorry, but something went wrong.`

Note: my website works properly if I explicitly write SECRET_KEY in settings.py, BUT without any security

3 Answers


  1. import os   
    os.environ.get('SECRET_KEY')
    

    Requested explanation:
    os is the default module to interact with the operating system.
    os.environ is a dictionary with environment variables, and the .get('SECRET_KEY') method gets the value whose key is 'SECRET_KEY'.
    In summary, you get the value from the environment variable called 'SECRET_KEY'.

    If you are using os.environ.get('SECRET_KEY'), it should be because you have PREVIOUSLY set an environment variable called 'SECRET_KEY'. How do I set a variable?

    maybe:

    bash:

    export SECRET_KEY=abcdfghijklm

    or maybe:

    dos:

    SET SECRET_KEY=abcdfghijklm

    or maybe your editor/framework has a setting option to set environment variables.

    P.S. WITHOUT "" or '' to set environment variables
  2. You can leave out the ‘export’:

    SECRET_KEY= 'hf7^vrmc!^agnpba#^+$9ac-@eullgd-=ckq&u1zu$b7nqc)%_'
    
  3. Having secret keys in any of the source code files is problematic.

    We normally store our environment variables in the same directory as the settings file in an .env file which is not committed to the git repository via an entry in .gitignore.

    extract of .gitignore for .env files and env

    .env*
    

    We include python-dotenv in the requirements.txt file to load the .env file.

    and we load the environment variables in the .env file in the settings.py file.

    import os
    from dotenv import load_dotenv
    
    # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
    BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
    
    #print('Loading environment')
    #print(__file__)
    env_path = os.path.join(os.path.dirname(__file__),'.env')
    #print(env_path)
    load_dotenv(verbose=True,dotenv_path=env_path)
    
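An added example, not code from the question or any of the answers: a standard-library definition of the `get_env_variable` helper that the question calls but never defines. It prefers the process environment, falls back to a `.env` file, accepts the `export KEY= 'value'` line style used in the question, and raises instead of starting with an empty key. The names `parse_env_file`, `env_file`, `environ` and `demo`, and the sample key, are assumptions constructed for illustration.

```python
import os
import tempfile


def parse_env_file(path):
    """Parse KEY=VALUE lines; tolerates 'export', quotes and spaces around '='."""
    values = {}
    with open(path, encoding="utf-8") as handle:
        for raw in handle:
            line = raw.strip()
            if not line or line.startswith("#"):
                continue  # blank line or comment
            if line.startswith("export "):
                line = line[len("export "):].lstrip()
            name, sep, value = line.partition("=")
            if not sep:
                continue  # not an assignment
            value = value.strip()
            # Strip one pair of matching quotes; the content stays literal,
            # so '#', '$' and '=' inside the key are preserved.
            if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
                value = value[1:-1]
            values[name.strip()] = value
    return values


def get_env_variable(name, env_file=None, environ=os.environ):
    """Return a required setting, failing closed when it is missing or empty."""
    value = environ.get(name)
    if not value and env_file and os.path.isfile(env_file):
        value = parse_env_file(env_file).get(name)
    if not value:
        # In a Django settings module, raise ImproperlyConfigured here instead.
        raise RuntimeError(f"Set {name} in the environment or in {env_file}")
    return value


def demo():
    """Constructed sample: a .env line written the way the question wrote it."""
    with tempfile.TemporaryDirectory() as tmp:
        env_path = os.path.join(tmp, ".env")
        with open(env_path, "w", encoding="utf-8") as handle:
            handle.write("# constructed sample, not a real key\n")
            handle.write("export SECRET_KEY= 'constructed#key=$not&real'\n")
        os.chmod(env_path, 0o600)  # readable by the owning account only
        return get_env_variable("SECRET_KEY", env_file=env_path, environ={})


if __name__ == "__main__":
    print(demo())
```

In settings.py the call would be `SECRET_KEY = get_env_variable('SECRET_KEY', env_file=os.path.join(os.path.dirname(__file__), '.env'))`. The file fallback matters because `~/.bash_profile` is read only by login shells, so a web application process that is not started from one never sees variables exported there.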