From ee999f8eafe6b1a374ab02d5a1df281ab1cf46f5 Mon Sep 17 00:00:00 2001 From: Benni Baermann Date: Tue, 17 Nov 2020 13:23:07 +0100 Subject: [PATCH] removed SECRET_KEY from production settings, must be provides in secrets.json --- README.md | 4 +++- foerderbarometer/settings_production.py | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 4cdc538..9c976a7 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,7 @@ purpose: gather data from intern(WMDE) and extern(volunteers) forms to create a ln -sr foerderbarometer/settings_development.py foerderbarometer/settings.py + run the development server with python3 manage.py runserver @@ -25,7 +26,8 @@ run the development server with edit /secrets.json to contain something similar to { - "DATABASE_PASSWORD": "THIS IS TOP SECRET!" + "DATABASE_PASSWORD": "THIS IS TOP SECRET!", + "SECRET_KEY": "THIS IS ANOTHER SECRET!" } edit foerderbarometer/settings_production.py according to your database setup (tested with MariaDB 10.0.36) diff --git a/foerderbarometer/settings_production.py b/foerderbarometer/settings_production.py index 22dce60..ba6437e 100644 --- a/foerderbarometer/settings_production.py +++ b/foerderbarometer/settings_production.py @@ -45,7 +45,7 @@ def get_secret(setting, secrets=secrets): # See https://docs.djangoproject.com/en/3.1/howto/deployment/checklist/ # SECURITY WARNING: keep the secret key used in production secret! -SECRET_KEY = '*&7p9#_n$@^%0z49s+7jpy@+j1rw_hqh05knyd6y2*!0)r&b6h' +SECRET_KEY = get_secret('SECRET_KEY') # SECURITY WARNING: don't run with debug turned on in production! DEBUG = False
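Review bot: The string on the removed `SECRET_KEY = '…'` line in foerderbarometer/settings_production.py stays readable in the repository history and in this patch, so switching to `get_secret('SECRET_KEY')` only helps if secrets.json holds a newly generated key and not the old value. I would add a comment above the assignment, `# must be a fresh random value in secrets.json; the key formerly committed here is public and must not be reused`, and have the README example point to `django.core.management.utils.get_random_secret_key()` instead of a hand-typed phrase. Rotating the key invalidates existing sessions and other signed values, so the switch should be scheduled with that in mind. `get_secret` is defined above the hunk, so its behaviour when `SECRET_KEY` is absent from secrets.json cannot be checked from these lines; it should stop startup with a clear error and never fall back to a default.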