From 446413083a75530602ca83053fbf3be0e68bba03 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= <motiejus@jakstys.lt>
Date: Sun, 14 Jan 2024 20:18:52 +0200
Subject: [PATCH] read secret key from file

---
 app/e11sync/settings.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/app/e11sync/settings.py b/app/e11sync/settings.py
index 8f7ec96..350b95b 100644
--- a/app/e11sync/settings.py
+++ b/app/e11sync/settings.py
@@ -16,9 +16,18 @@ else:
     else:
         _DATABASE_PATH = BASE_DIR / 'db.sqlite3'
 
+if secret_path := environ.get("E11SYNC_SECRET_KEY_PATH"):
+    with open(secret_path) as f:
+        _SECRET_KEY = f.read().strip()
+        secret_key_msg = "SECRET_KEY read from {}".format(secret_path)
+else:
+    _SECRET_KEY = 'django-insecure-$e2!=equ(efm0e%f9&t+xjtz0)$*$@pw%rnjdqcl8f@5o5hw!l'
+    secret_key_msg = "SECRET_KEY is insecure"
+
 # otherwise it gets printed twice
 if not environ.get("E11SYNC_DEBUG_PRINTED"):
     print("DEBUG={}".format(_DEBUG))
+    print(secret_key_msg)
     print("COMPRESS_OFFLINE={}".format(_COMPRESS_OFFLINE))
     print("STATIC_ROOT={}".format(_STATIC_ROOT))
     print("GEOIP_PATH={}".format(_GEOIP_PATH))
@@ -28,7 +37,7 @@ if not environ.get("E11SYNC_DEBUG_PRINTED"):
 ########################################
 ## No more side effects after this place
 
-SECRET_KEY = 'django-insecure-$e2!=equ(efm0e%f9&t+xjtz0)$*$@pw%rnjdqcl8f@5o5hw!l'
+SECRET_KEY = _SECRET_KEY
 
 DEBUG = _DEBUG