Gsoc 18 Project | Collect build statistics
Bradley Giesbrecht
pixilla at macports.org
Tue May 15 19:51:07 UTC 2018
>>> On 9 May 2018 at 04:06, Vishnu <vishnum1998 at gmail.com> wrote:
>>>>
>>>> Hi
>>>>
>>>> And also i couldn't figure out any way to hide passwords/ Sensitive
>>>> information while creating app.
>
> Here's one way:
> https://ultimatedjango.com/learn-django/lessons/handling-sensitive-keys/
>
> Of course you need that information on the server where you are
> running the application, but the secrets and passwords should not be
> stored in a public repository.
> What I often do is create something like
> settings.py.sample
> or perhaps just
> secrets.py.sample
> and commit that one with a fake password to repository. Then, whoever
> wants to run the app, should first copy the file (removing the .sample
> extension), enter the correct secret data and only then run the app.
>
> Again: you do need to have this information stored somewhere, it just
> may not leak to a public repository. If you commit settings.py with
> fake passwords and correct the password on that one file, you might
> accidentally commit the change one day, so it's better to have a
> separate file.
I didn’t see it mentioned so I’ll suggest adding secrets.py to .gitignore.
For some Rails apps we used dotenv and I see they have it for python.
https://github.com/theskumar/python-dotenv
Same here, add .env to .gitignore.
Regards,
Bradley Giesbrecht (pixilla)
More information about the macports-dev
mailing list