隐藏用于Heroku Django部署的settings.py密码 [英] Hiding settings.py passwords for Heroku Django deployment
问题描述
我在settings.py中有敏感数据(数据库密码),建议我将其Django项目上载到github存储库,然后再按其"Heroku上的Django入门"将其推送到Heroku.如果我将settings.py放在.gitignore中,那么大概不会与我的项目一起部署它.如何防止暴露settings.py,但仍将其与我的项目一起部署?
I have sensitive data (database passwords) in settings.py and I was advised to upload my Django project to a github repository before pushing it to Heroku on their "Getting Started with Django on Heroku". If I put settings.py in .gitignore, then presumably it won't get deployed with my project. How can I prevent settings.py from being exposed but still get it deployed with my project ?
推荐答案
您可以使用环境变量(通过 heroku config:add SECRET = my-secret
)设置敏感数据并在您的计算机中检索它们设置:
You can use environment variables (with heroku config:add SECRET=my-secret
) to setup sensitive data and retrieve them in your settings with:
SECRET = os.environ.get('SECRET', 'my-default-secret-key')
如果您不希望在未设置某些数据的情况下启动应用,请改用以下语法:
If you don't want to be able to start your app without having set up some data, use this syntax instead:
SECRET = os.environ['SECRET']
如果您未设置 SECRET
环境变量,它将引发异常.
It will raise an exception if you didn't set the SECRET
environment variable.
这篇关于隐藏用于Heroku Django部署的settings.py密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!