Django Secret Key Management

I have just restarted the Django polls tutorial out of pure frustration. I was trying to restart the project and establish GitHub version control. When I pushed my project up to GitHub it told me that there were secret keys uploaded. Apparently this is a big no-no. I went to Stack Overflow and found this article: Access GitHub Secret Key - Stack Overflow. It is talking about a .github/workflows directory. I have not made such a file. Is that something that GitHub makes on its own when I push up the code to the repository? How do I, upon startup, prevent this from happening in the future? Do I write my secret key code down or something?


I have been informed that I need to make a .env file or a .txt file and name that file during startup going forward.

2 Likes

Run django-admin start project command project name.

Set up the project environment: pip install django, pip upgrade pip, pip install psycopg

Create a passwords.txt and grab the secret key and store that variable in.

python3 -m venv project_env

source project_env/bin/activate

pip3 install django

pip install psycopg3

Create an empty repository on github but do not execute the final command where it tells you to push everything.

Create a gitignore file and put your product_env and password.txt file in there.

Push the code.

My question is this: when I grab the secret key, should I just transfer the whole variable into the file and completely remove it from settings.py? Or should I copy it over to the passwords.txt file and then delete the key but leave the variable empty?

When I tried to run the polls app I got this error message. I think it is related to the variable being missing.

07:01/23 1pm
C: Yeah and then you just need to make sure you set an environment variable called SECRET_KEY with a random string when you run your code, there are a few ways to do that automatically or you can just set it manually

strikeouts27: 1. My issue is I cannot upload my secret key into GitHub. I could re-paste the secret key code back in, but I fear I would have the same problem

C: 1. yeah so your secret key never goes into git, I would add an instruction to your readme to say “generate a secret key and save it as an environment variable called SECRET_KEY” or something like that

strikeouts27: Like this?
Hastebin. Thank you for your help by the way!

C: Yeah you got it :slightly_smiling_face:
strikeouts27: KeyError: ‘SECRET_KEY’

C: 1. You need to set the environment variable

strikeouts27: 1. import os and secret_key = os.environ["SECRET_KEY"] was accomplished

C:
Windows: set SECRET_KEY=123
Mac/Linux: export SECRET_KEY=123

Strikeouts27:
Yes! Wooho!

C: So you will need to run that every time you restart your PC, but there are ways to set it automatically
[4:52 PM]
Like a tool called dotenv
This SO post describes the setup with dotenv so is a good starting point

If I follow the Stack Overflow instructions I can confirm that I do not need to run the export command all by myself.

SK

Key

This is one way to do it.

To generate a secret key…

In the terminal, run the following command:

python -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())'

This command will output a new secret key that you can place in your env file.
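
One way to tie the thread's advice together, as an added example that is not code from any of the posters, from Django or from python-dotenv: read `SECRET_KEY` from the environment, fall back to an env file, and refuse to start on a missing, too-short (such as the `123` test value) or `django-insecure-` key. The file name `.env` and the helper names `parse_env_file`, `load_secret_key`, `is_git_ignored` and `demo` are assumptions made for this sketch.

```python
# Added example: stdlib only; not code from Django or python-dotenv.
import os
import tempfile
from pathlib import Path

INSECURE_PREFIX = "django-insecure-"  # prefix on keys written by startproject


def parse_env_file(path):
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    values = {}
    for raw in Path(path).read_text().splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip("'\"")
    return values


def load_secret_key(env_path=".env", environ=None):
    """Prefer the process environment, fall back to env_path, fail closed."""
    environ = os.environ if environ is None else environ
    key = environ.get("SECRET_KEY")
    if not key and Path(env_path).is_file():
        key = parse_env_file(env_path).get("SECRET_KEY")
    if not key:
        raise RuntimeError(f"SECRET_KEY not set; export it or add it to {env_path}")
    if key.startswith(INSECURE_PREFIX) or len(key) < 50:
        raise RuntimeError("SECRET_KEY is a placeholder or too short; generate a new one")
    return key


def is_git_ignored(name, gitignore=".gitignore"):
    """True if .gitignore lists the file by exact name (no glob matching)."""
    path = Path(gitignore)
    if not path.is_file():
        return False
    return name in {ln.strip().lstrip("/") for ln in path.read_text().splitlines()}


def demo():
    """Constructed sample project: a .env holding a made-up key, and a .gitignore."""
    with tempfile.TemporaryDirectory() as tmp:
        env, ignore = Path(tmp, ".env"), Path(tmp, ".gitignore")
        env.write_text("# constructed sample\nSECRET_KEY='" + "x7" * 25 + "'\n")
        ignore.write_text("project_env/\n.env\n")
        return load_secret_key(env, environ={}), is_git_ignored(".env", ignore)
```

In settings.py the call would be `SECRET_KEY = load_secret_key(BASE_DIR / ".env")`, and `is_git_ignored(".env")` can be run before the first push to confirm the env file is listed in `.gitignore`.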