How to Protect Your Django Project's Secret Key (2024)


Mfon.


I have been working on some Django tasks for a while. I mistakenly pushed my secret key to my public GitHub repository.😬 Yeah, rookie mistake! 🤷🏽‍♂️

I immediately received an email from GitGuardian informing me of the security risks involved.


I took some steps to avoid this problem in subsequent tasks and projects. Before I get to that, I will briefly highlight some requirements.
P.S. I use VSCode on a Windows device. 😁

Requirements

Use a .gitignore file.

  • A .gitignore file tells git what files and directories to ignore. Git will automatically ignore any file or directory put in this file to protect sensitive information.

  • Create .gitignore files at the root of your GitHub repository before you git-clone it to VSCode.

Create a virtual environment i.e. .env or .venv file.

# .env
py -3 -m venv .env

# .venv
py -3 -m venv .venv

  • It is good practice to ignore your virtual environment by adding it into the .gitignore file, which you have included at the root of your repository.

Steps

On your command line, install python-dotenv with the following code:

pip install python-dotenv

Go to your settings.py file and paste these two lines in your settings file:

from dotenv import load_dotenv
load_dotenv()

Copy your secret key from your settings.py file and paste it into the .env or .venv file you created:

SECRET_KEY=ui#1j%%f5mxdojzakk72+dvftl%4&y#31_a##16s6s(6pfxy-b

  • Remove the spaces before and after the equal sign

  • Remove the quotation marks

Next, in your settings.py file, you retrieve the secret key as follows:

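# os.environ[...] raises KeyError when the variable is unset; str(os.getenv(...)) would silently use the string 'None' as the key
SECRET_KEY = os.environ['SECRET_KEY']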


You may need to add the import os statement to settings.py.

Run the server to see if it works before you stage and commit:

python manage.py runserver
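
A check to run before you stage and commit, added here as an example (not code from the original post): it reports a settings.py that still contains a quoted SECRET_KEY literal and a .gitignore that does not list .env. The function names, the constructed sample project, and the assumption that the key sits in a plain-text .env file at the repository root are assumptions of this example; the .gitignore matching is simplified to exact names.

```python
import re
import tempfile
from pathlib import Path

# A quoted literal on the right-hand side, e.g. SECRET_KEY = 'abc', is a committed secret.
# SECRET_KEY = os.environ['SECRET_KEY'] does not match: no quote follows the equals sign.
HARDCODED = re.compile(r"""^[ \t]*SECRET_KEY[ \t]*=[ \t]*['"][^'"\n]+['"]""", re.MULTILINE)


def env_is_ignored(gitignore_text, name=".env"):
    """True if a .gitignore line names the file exactly.

    Simplified on purpose: glob patterns and '!' negations are not evaluated.
    """
    entries = set()
    for line in gitignore_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            entries.add(line.strip("/"))
    return name in entries


def audit(root):
    """Return a list of findings for the project rooted at `root` (empty list = clean)."""
    root = Path(root)
    findings = []
    gitignore = root / ".gitignore"
    if not gitignore.is_file() or not env_is_ignored(gitignore.read_text()):
        findings.append(".env is not listed in .gitignore")
    for settings in sorted(root.rglob("settings.py")):
        rel = settings.relative_to(root)
        if any(part.startswith(".") for part in rel.parts):
            continue  # skip hidden directories such as a .venv virtual environment
        if HARDCODED.search(settings.read_text()):
            findings.append(f"hard-coded SECRET_KEY in {rel.as_posix()}")
    return findings


if __name__ == "__main__":
    # Constructed sample project: key still in settings.py, .env not ignored.
    with tempfile.TemporaryDirectory() as tmp:
        project = Path(tmp) / "mysite"
        project.mkdir()
        (project / "settings.py").write_text("SECRET_KEY = 'constructed-example-key'\n")
        (Path(tmp) / ".gitignore").write_text("__pycache__/\n")
        for finding in audit(tmp):
            print("FAIL:", finding)
```

A clean result only covers the working tree: a key that was already pushed is still in the repository history.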

Note

  • I switched to Git Bash on VSCode. Some commands did not work as expected with other terminals.

  • You may decide to try out any other terminal provided by VSCode.

If you know other ways to solve this, kindly leave a comment. 👇🏽

Cheers! 🍻

