How to hide the password of postgresql in settings.py

Discussion:

Sandip Nath

2018-11-30 17:50:14 UTC

I am a newbie to Django. Using Postgresql for CRUD operations. Although its
working but I need to write the password of my Postgresql server in the
settings.py. How can I hide that without hampering the operation?

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+***@googlegroups.com.
To post to this group, send email to django-***@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/ea8bc539-a3be-44b4-af2f-e1b7f11d1539%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Bill Freeman

2018-11-30 18:03:43 UTC

Permalink

You should be keeping settings.py secure. There's other stuff that
shouldn't be public. That's why the django project directories are not
included in the pages that the front end web server is allowed to serve,
among other things. Security is tough. There's no magic answer.

Post by Sandip Nath
I am a newbie to Django. Using Postgresql for CRUD operations. Although
its working but I need to write the password of my Postgresql server in the
settings.py. How can I hide that without hampering the operation?
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/ea8bc539-a3be-44b4-af2f-e1b7f11d1539%40googlegroups.com
<https://groups.google.com/d/msgid/django-users/ea8bc539-a3be-44b4-af2f-e1b7f11d1539%40googlegroups.com?utm_medium=email&utm_source=footer>
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+***@googlegroups.com.
To post to this group, send email to django-***@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAB%2BAj0ursz0UbEaS7MFjGimKXqnNi72g7w5DwnSpt_SvsA_qOw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

l***@gmail.com

2018-11-30 18:23:31 UTC

Permalink

I typically create a second file which stores my sensitive data and import
it as a variable.

Then can exclude say.. credentials.py when sharing code.

I don't know that this is an ideal solution, just something that I've taken
as habit.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+***@googlegroups.com.
To post to this group, send email to django-***@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/2d1c3851-5888-4d2f-8b8a-7ed05a88a379%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Carsten Fuchs

2018-11-30 18:24:21 UTC

Permalink

In your settings.py, you could write something like:

from my_site import localconfig

DEBUG = localconfig.DEBUG
SECRET_KEY = localconfig.SECRET_KEY

# Rest of normal settings.py file
# ...

and in a minmal my_site/localconfig.py file:

DEBUG = True
SECRET_KEY = '...'

For completeness, be aware that some people consider local config files an anti
pattern. Personally, I've never found the arguments convincing, but use at your
own discretion.

Best regards,
Carsten

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+***@googlegroups.com.
To post to this group, send email to django-***@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/ddc528e3-12c1-6ba4-0f5b-1be7dad54acd%40cafu.de.
For more options, visit https://groups.google.com/d/optout.

vineeth sagar

2018-11-30 20:29:39 UTC

Permalink

Use this

https://github.com/jpadilla/django-dotenv/blob/master/README.rst

If you have copied the GitHub template of .gitignore then the .env won't be
in your history of vs. I used this in production and development without a
single problem.

Post by Carsten Fuchs

from my_site import localconfig
DEBUG = localconfig.DEBUG
SECRET_KEY = localconfig.SECRET_KEY
# Rest of normal settings.py file
# ...
DEBUG = True
SECRET_KEY = '...'
For completeness, be aware that some people consider local config files an
anti pattern. Personally, I've never found the arguments convincing, but
use at your own discretion.
Best regards,
Carsten
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/ms
gid/django-users/ddc528e3-12c1-6ba4-0f5b-1be7dad54acd%40cafu.de.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+***@googlegroups.com.
To post to this group, send email to django-***@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAMMZq8MHS7Jv5-D0nwaFYf5fxrsuj1c7sQ94yv8nZqMJiTFqNg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.