As I am trying to design an elegant solution to the problem, I’ve checked a few intrinsics of Django and would like to give an overview to get some feedback. These are some implementations that I believe are well suited for the situation:
- Make secret variables available at runtime in
- Create committable secret files by encrypting the values (as adopted in other frameworks, like Rails’ secrets.yml)
- Create a friendly interface to allow developers to plug external secret vaults to the proposed solution (as a developer, one can plug an existing vault to make variables available in settings, as mentioned in the first topic)
Given these few features, I’ve stumbled into a doubt. Is it possible to use the already existing SECRET_KEY to encrypt/decrypt the secret variables? I haven’t come to a solution to this problem yet; maybe an external file with a public-private key schema could also be used for that purpose, but it seems like it would require more setting up than the community expects.
Any feedback regarding this issue is welcome. I plan to develop a more detailed solution to submit as my formal proposal soon.