I have a django app that uses env variables for things like db passwords, django_secret_key, api keys, etc.
我有一个django应用程序,使用env变量,如db密码,django_secret_key,api键等。
I want to use the env variables in production, but want to keep the values of those values out of git. What is the best way to:
我想在生产中使用env变量,但是想要将这些值的值保留在git之外。什么是最好的方式:
- Store sensitive production environment variables
- Load the variables into the production environment
存储敏感的生产环境变量
将变量加载到生产环境中
Thanks in advance.
提前致谢。
2 个解决方案
#1
0
Your question might be very opinion based ...
你的问题可能是基于意见的......
- You could for example read stuff from a configuration file which is not the
settings.py. - You could split the settings with
local-devel.pywhich overrides stuff insettings.py
例如,您可以从配置文件中读取不是settings.py的内容。
您可以使用local-devel.py拆分设置,这会覆盖settings.py中的内容
See for example here: https://code.djangoproject.com/wiki/SplitSettings or this so question: How to manage local vs production settings in Django? (which I personally find ugly ...).
例如,请参阅:https://code.djangoproject.com/wiki/SplitSettings或者这样的问题:如何在Django中管理本地vs生产设置? (我个人觉得很难看......)。
I use salt-stack and put all the sensitive information in the pillars, but that might be an overkill for a single developer.
我使用salt-stack并将所有敏感信息放在支柱中,但对于单个开发人员而言,这可能是一种过度杀伤力。
You can than use some state to set the environment variables such that your wsgi app can see these variables.
您可以使用某种状态来设置环境变量,以便您的wsgi应用程序可以看到这些变量。
#2
0
You can have your files (configuration files) on your server. You can have a default configuration file in the repo for reference but the one with the production values you can "hide" using:
您可以在服务器上拥有文件(配置文件)。您可以在repo中使用默认配置文件以供参考,但是具有生产值的文件可以使用以下方式“隐藏”:
https://git-scm.com/docs/git-update-index
--assume-unchanged
git update-index --assume-unchanged <path>
In case you need to print out list of files marked with the --assume-unchanged flag:
如果您需要打印标有_assume-unchanged标志的文件列表:
git ls-files -v|grep '^h'
#1
0
Your question might be very opinion based ...
你的问题可能是基于意见的......
- You could for example read stuff from a configuration file which is not the
settings.py. - You could split the settings with
local-devel.pywhich overrides stuff insettings.py
例如,您可以从配置文件中读取不是settings.py的内容。
您可以使用local-devel.py拆分设置,这会覆盖settings.py中的内容
See for example here: https://code.djangoproject.com/wiki/SplitSettings or this so question: How to manage local vs production settings in Django? (which I personally find ugly ...).
例如,请参阅:https://code.djangoproject.com/wiki/SplitSettings或者这样的问题:如何在Django中管理本地vs生产设置? (我个人觉得很难看......)。
I use salt-stack and put all the sensitive information in the pillars, but that might be an overkill for a single developer.
我使用salt-stack并将所有敏感信息放在支柱中,但对于单个开发人员而言,这可能是一种过度杀伤力。
You can than use some state to set the environment variables such that your wsgi app can see these variables.
您可以使用某种状态来设置环境变量,以便您的wsgi应用程序可以看到这些变量。
#2
0
You can have your files (configuration files) on your server. You can have a default configuration file in the repo for reference but the one with the production values you can "hide" using:
您可以在服务器上拥有文件(配置文件)。您可以在repo中使用默认配置文件以供参考,但是具有生产值的文件可以使用以下方式“隐藏”:
https://git-scm.com/docs/git-update-index
--assume-unchanged
git update-index --assume-unchanged <path>
In case you need to print out list of files marked with the --assume-unchanged flag:
如果您需要打印标有_assume-unchanged标志的文件列表:
git ls-files -v|grep '^h'