From 1be2d1faeea33e4334e915b7e913dd01ab4bd126 Mon Sep 17 00:00:00 2001 From: Benni Baermann Date: Fri, 6 Nov 2020 12:00:01 +0100 Subject: [PATCH] secrets file mechanism added to have a way to store passwd out of git --- .gitignore | 5 ++++- foerderbarometer/settings.py | 16 ++++++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 13d1490..42c1eac 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,8 @@ # ---> Python + +# secret passwords and so +/secrets.json + # Byte-compiled / optimized / DLL files __pycache__/ *.py[cod] @@ -128,4 +132,3 @@ dmypy.json # Pyre type checker .pyre/ - diff --git a/foerderbarometer/settings.py b/foerderbarometer/settings.py index 5a49f08..4b06fe9 100644 --- a/foerderbarometer/settings.py +++ b/foerderbarometer/settings.py @@ -10,14 +10,29 @@ For the full list of settings and their values, see https://docs.djangoproject.com/en/3.1/ref/settings/ """ +import json +import os from pathlib import Path +from django.core.exceptions import ImproperlyConfigured + # mails in development go to stdout EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' # Build paths inside the project like this: BASE_DIR / 'subdir'. BASE_DIR = Path(__file__).resolve().parent.parent +# get secrets +with open(os.path.join(BASE_DIR, 'secrets.json')) as secrets_file: + secrets = json.load(secrets_file) + +def get_secret(setting, secrets=secrets): + """Get secret setting or fail with ImproperlyConfigured""" + try: + return secrets[setting] + except KeyError: + raise ImproperlyConfigured("Set the {} setting".format(setting)) + # Quick-start development settings - unsuitable for production # See https://docs.djangoproject.com/en/3.1/howto/deployment/checklist/ @@ -85,6 +100,7 @@ DATABASES = { 'default': { 'ENGINE': 'django.db.backends.sqlite3', 'NAME': BASE_DIR / 'db.sqlite3', + 'PASSWORD': get_secret('DATABASE_PASSWORD') } }