andrew-rietz/Python and Django - Protect Your Secrets.md

Last active April 17, 2019 15:16

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/andrew-rietz/84eaf69bdba12e12a6ab3401389e58af.js"></script>
Save andrew-rietz/84eaf69bdba12e12a6ab3401389e58af to your computer and use it in GitHub Desktop.

Download ZIP

Info on practices to protect your secret info when hosting projects on GitHub

Raw

Python and Django - Protect Your Secrets.md

Python and Django - Protect Your Secrets

Credit Alex Van Liew. Original post: https://stackoverflow.com/a/31884002

Create a non-versioned file. Add a new file to your project directory (i.e., secrets.py), reference that file from your setting files, and add the 'secrets' file to your .gitignore list.
Use environment variables. Pass environment variables to your process and then retrieve them with your settins file.
Use a second repository in combination with Method 1, above. Create a dedicated 'secrets' repository that you store all of your secrets in.

Rewriting your GitHub history to remove secret info: Credit Warren Henning, Patrick Thomson, and Github. Original post: http://fearofcode.github.io/blog/2013/01/15/how-to-scrub-sensitive-information-from-django-settings-dot-py-files/

Create a 'secret' file to hold your info.
Make a copy of your 'settings.py' file that is scrubbed of secret information
Follow GitHub's steps for removing sensitive data (https://help.github.com/articles/remove-sensitive-data)
Copy the scrubbed / clean settings.py file into your GitHub repo

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment