read secret key from file

2024-01-14 20:18:52 +02:00 · 2024-01-14 20:18:52 +02:00 · 446413083a
parent 9700a24db5
commit 446413083a
1 changed files with 10 additions and 1 deletions
--- a/app/e11sync/settings.py
+++ b/app/e11sync/settings.py
@ -16,9 +16,18 @@ else:
    else:
        _DATABASE_PATH = BASE_DIR / 'db.sqlite3'

+if secret_path := environ.get("E11SYNC_SECRET_KEY_PATH"):
+    with open(secret_path) as f:
+        _SECRET_KEY = f.read().strip()
+        secret_key_msg = "SECRET_KEY read from {}".format(secret_path)
+else:
+    _SECRET_KEY = 'django-insecure-$e2!=equ(efm0e%f9&t+xjtz0)$*$@pw%rnjdqcl8f@5o5hw!l'
+    secret_key_msg = "SECRET_KEY is insecure"
+
 # otherwise it gets printed twice
 if not environ.get("E11SYNC_DEBUG_PRINTED"):
    print("DEBUG={}".format(_DEBUG))
+    print(secret_key_msg)
    print("COMPRESS_OFFLINE={}".format(_COMPRESS_OFFLINE))
    print("STATIC_ROOT={}".format(_STATIC_ROOT))
    print("GEOIP_PATH={}".format(_GEOIP_PATH))
@ -28,7 +37,7 @@ if not environ.get("E11SYNC_DEBUG_PRINTED"):
 ########################################
 ## No more side effects after this place

-SECRET_KEY = 'django-insecure-$e2!=equ(efm0e%f9&t+xjtz0)$*$@pw%rnjdqcl8f@5o5hw!l'
+SECRET_KEY = _SECRET_KEY

 DEBUG = _DEBUG