Skip to content

added the a scripts help generate secret key#34

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
martcpp wants to merge 4 commits into
base:main
Choose a base branch
from
Open

added the a scripts help generate secret key #34

martcpp wants to merge 4 commits into from

Conversation

@martcpp
Copy link

@martcppmartcpp commented Mar 12, 2024

This pull request involves changes to improve the configuration and security of a Django project. The most significant changes include the introduction of a script to generate a secret key, changes to the ALLOWED_HOSTS and SECRET_KEY settings in hello_world/settings.py, and updates to the README.md and .env.example files.

Security improvements:

  • secretgen.py: A new Python script was added to generate a random secret key for Django projects. This script uses Django's get_random_secret_key function to generate the key and instructs the user to replace the secret key in their .env file with the generated key.

Documentation updates:

  • README.md: Instructions were added on how to generate a secret key for a Django project using the new secretgen.py script.

joshaber
joshaber reviewed Mar 25, 2024
View reviewed changes
Copy link
Contributor

@joshaberjoshaber left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for digging into this! One thought and question ⚡

hello_world/settings.py
DEBUG = os.getenv("DEBUG")

ALLOWED_HOSTS = os.getenv('ALLOWED_HOSTS', '').split(',')
ALLOWED_HOSTS = ["*"]
Copy link
Contributor

@joshaberjoshaberMar 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the motivation for moving this into here, instead of keeping it in .env?

Copy link
Author

@martcppmartcppApr 8, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it is easy to access rather than keeping it in .env file and other will know it part of the setting as we don't push .env to GitHub @joshaber

.env.example
@@ -1,8 +1,7 @@
SECRET_KEY=my_secret_key
SECRET_KEY= replace with your secret key
Copy link
Contributor

@joshaberjoshaberMar 25, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you think about generating the secret as part of the postCreateCommand, so that devs don't have to manually do anything? The script is definitely an improvement, but ideally folks wouldn't have to know/care about generating the secret.

Copy link
Author

@martcppmartcppApr 8, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i taught of doing this but i feel incase of doing a cloud uploading must time people need to document or change their secret keys reason i added it as script @joshaber

Sign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@joshaberjoshaberjoshaber left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@martcpp@joshaber