Django Secret Key Management

I have just restarted the django polls tutorial out of pure frustration. I was trying to restart the project and establish github version control. when I pushed my project up to github it told me that there were secret keys uploaded. apparently this is a big no no. I went to stack overflow and found this article: Access GitHub Secret Key - Stack Overflow it is talking about a .github/workflows directory I have not made such a file. is that somethign that github makes on its own when I push up the code to the repository? How do I, upon startup prevent this from happening in the future? Do I write my secret key code down or something? (edited)

Stack Overflow

Access GitHub Secret Key

I have been informed that I need to make a .env file or a .txt file and name that file during startup going forward.


Run django-admin start project command project name.

Set up the project environment pip install django, pip upgrade pipp, pip install psycopg

Create a passwords.txt and grab the secret key and store that variable in.

Python3 -m venv project_env

Source project_env/bin/activate

Pip3 install django

Pip install psycopg3

Create an empty repository on github but do not execute the final command where it tells you to push everything.

Create a gitignore file and put your product_env and password.txt file in there.

Push the code.

My question is this, when I grab the secret key should I just transfer the whole variable into the file and completely remove it from Or shoudl I copy it over to the passwords.txt file and than delete the key but leave the variable empty?

When I tried to run the polls app I got this error message. I think it is related to the variable being missing.

07:01/23 1pm
C: Yeah and then you just need to make sure you set an environment variable called SECRET_KEY with a random string when you run your code, there are a few ways to do that automatically or you can just set it manually

strikeouts27: 1. my issue is i cannot upload my secret key into github. I could repaste the secret key code back in, but I fear I would have the same problem

C: 1. yeah so your secret key never goes into git, I would add an instruction to your readme to say “generate a secret key and save it as an environment variable called SECRET_KEY” or something like that

striketous27: like this?
Hastebin. thank you for your help by the way!

C: Yeah you got it :slightly_smiling_face:
strikeouts27: KeyError: ‘SECRET_KEY’

C: 1. You need to set the environment variable

strikeouts27: 1. import os and secret_key = os.enviornm[“SECRET_KEY”] was accomplished

Windows: set SECRET_KEY=123
Mac/Linux: export SECRET_KEY=123

Yes! Wooho!

C: So you will need to run that every time you restart your PC, but there are ways to set it automatically
[4:52 PM]
Like a tool called dotenv
This SO post describes the setup with dotenv so is a good starting point

if I follow the stack over flow instructions I can confirm that I do not need to run the export command all by myself.



This is one way to do it.