I have read that it is not secure to store the `SECRET_KEY` in `settings.py` as its default. So, I decided to store it in my `__init__.py`.
I wrote in `__init__.py`, which is beside `settings.py`:
export SECRET_KEY= 'hf7^vrmc!^agnpba#^+$9ac-@eullgd-=ckq&u1zu$b7nqc)%_'
This is the only line in my `__init__.py`. Then in `settings.py` I changed the line
SECRET_KEY = 'hf7^vrmc!^agnpba#^+$9ac-@eullgd-=ckq&u1zu$b7nqc)%_'
into
SECRET_KEY = get_env_variable('SECRET_KEY')
but when I try to `runserver`, I receive a syntax error as below:
…
__init__.py", line 1
export SECRET_KEY= 'hf7^vrmc!^agnpba#^+$9ac-@eullgd-=ckq&u1zu$b7nqc)%_'
^
SyntaxError: invalid syntax
What’s wrong here?
Thank you in advance.
I have edited my code as below with the help of comments here, but still no success:
I have `SECRET_KEY = os.environ.get('SECRET_KEY')` in `settings.py`, and `export SECRET_KEY='hf7^vrmc!^agnpba#^+$9ac-@eullgd-=ckq&u1zu$b7nqc)%_'` in `.bash_profile`. These give me the error of
3.7/lib/python3.7/site-packages/django/conf/__init__.py", line 126, in init
raise ImproperlyConfigured("The SECRET_KEY setting must not be empty.")
django.core.exceptions.ImproperlyConfigured: The SECRET_KEY setting must not be empty
When I copy the file `.bash_profile` from the `home/mydirectory` and paste it beside `manage.py` of the project, there is no error in the result of writing `python manage.py runserver` in terminal. (The above error was in terminal with exactly this command).
But when I `startproject` from cPanel and test my website on the browser, I receive the error of `There is something wrong` and my website does not work.
I guess something like this happens: When I press `startproject` from cPanel, it starts from the outer root, so it sees that I have two instances of `.bash_profile`. However, when I go to project root from the terminal and write `python manage.py runserver` it just sees that specific `.bash_profile` inside the project folder. Is it correct? If so, how can I solve my problem to have a secure `SECRET_KEY` with available website?
If I delete the inner `.bash_profile` and change `BASE_DIR` to `BASE_DIR = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))` (as here link), I will have no error in terminal by `python manage.py runserver`. It results:
System check identified no issues (0 silenced).
April 24, 2020 - 21:04:33
Django version 2.1, using settings 'myprojectt.settings'
Starting development server at http://127.0.0.1:8000/
Quit the server with CONTROL-C.
and it won’t give the error of `SECRET_KEY` can’t be empty. But when I press `startproject` from cPanel and go to my domain from the browser, I receive
`We're sorry, but something went wrong.`
Note: my website works properly if I explicitly write `SECRET_KEY` in `settings.py`, BUT without any security
3 Answers
Requested explanation:
`os` is the default module to interact with the operating system.
`os.environ` is a dictionary with environment variables, and the `.get('SECRET_KEY')` method gets the value whose key is 'SECRET_KEY'.
In summary, you get the value from the environment variable called 'SECRET_KEY'.
If you are using `os.environ.get('SECRET_KEY')`, it should be because you PREVIOUSLY have set an environment variable called 'SECRET_KEY'. How did I set a variable?
maybe:
bash:
export SECRET_KEY=abcdfghijklm
or maybe:
dos:
SET SECRET_KEY=abcdfghijklm
or maybe your editor/framework has a setting option to set environment variables.
P.S. WITHOUT "" or '' to set environment variables
You can leave out the ‘export’:
Having secret keys in any of the source code files is problematic.
We normally store our environment variables in the same directory as the settings file in an `.env` file, which is not committed to the git repository via an entry in `.gitignore`.
extract of .gitignore for .env files and env
We include `python-dotenv` in the `requirements.txt` file to load the `.env` file, and we load the environment variables in the `.env` file in the `settings.py` file.
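The loading step described in this answer, written with only the standard library as an added example; it is not the answerer's code and not how python-dotenv is implemented. `parse_env_line`, `load_env_file` and the sample key are constructed for illustration, and `get_env_variable` is an assumed body for the helper named in the question (in a Django settings file the `RuntimeError` would normally be `ImproperlyConfigured`).

```python
import os
import stat
import tempfile

def parse_env_line(line):
    """Return (key, value) for one KEY=VALUE line, or None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith("export "):  # tolerate shell-style lines
        line = line[len("export "):].lstrip()
    key, sep, value = line.partition("=")
    if not sep or not key.strip().isidentifier():
        raise ValueError("malformed KEY=VALUE line")  # never echo it: may hold a secret
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
        value = value[1:-1]  # quoted: '#' and '$' stay literal, no expansion
    else:
        value = value.split(" #", 1)[0].rstrip()  # unquoted: drop trailing comment
    return key.strip(), value

def load_env_file(path, environ=os.environ):
    """Load path into environ; variables already set in the process win."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # the secret must not be readable by group/other
        raise PermissionError(f"{path} has mode {mode:o}, expected 600")
    with open(path, encoding="utf-8") as fh:
        for raw in fh:
            pair = parse_env_line(raw)
            if pair:
                environ.setdefault(*pair)

def get_env_variable(name, environ=os.environ):
    """Fail at startup with a clear message rather than run with an empty key."""
    value = environ.get(name, "")
    if not value:
        raise RuntimeError(f"Set the {name} environment variable")
    return value

def demo():
    """Constructed sample: write a .env, load it, read the key back."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, ".env")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("# constructed\nexport SECRET_KEY='ex#ample$key^not-real'\n")
        os.chmod(path, 0o600)
        env = {}
        load_env_file(path, env)
        return get_env_variable("SECRET_KEY", env)
```

Because the file is read by the Python process itself, the key is found the same way under `python manage.py runserver` and under a web server process that never sources `.bash_profile`.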