added the a scripts help generate secret key #34
Conversation
|
|
||
| # SECURITY WARNING: don't run with debug turned on in production! | ||
| DEBUG = os.getenv("DEBUG") | ||
|
|
||
| ALLOWED_HOSTS = os.getenv('ALLOWED_HOSTS', '').split(',') | ||
| ALLOWED_HOSTS = ["*"] |
There was a problem hiding this comment.
What's the motivation for moving this into here, instead of keeping it in .env?
There was a problem hiding this comment.
it is easy to access rather than keeping it in .env file and other will know it part of the setting as we don't push .env to GitHub @joshaber
| @@ -1,8 +1,7 @@ | |||
| SECRET_KEY=my_secret_key | |||
| SECRET_KEY= replace with your secret key | |||
There was a problem hiding this comment.
What do you think about generating the secret as part of the postCreateCommand, so that devs don't have to manually do anything? The script is definitely an improvement, but ideally folks wouldn't have to know/care about generating the secret.
There was a problem hiding this comment.
i taught of doing this but i feel incase of doing a cloud uploading must time people need to document or change their secret keys reason i added it as script @joshaber
This pull request involves changes to improve the configuration and security of a Django project. The most significant changes include the introduction of a script to generate a secret key, changes to the
ALLOWED_HOSTSandSECRET_KEYsettings inhello_world/settings.py, and updates to theREADME.mdand.env.examplefiles.Security improvements:
secretgen.py: A new Python script was added to generate a random secret key for Django projects. This script uses Django'sget_random_secret_keyfunction to generate the key and instructs the user to replace the secret key in their.envfile with the generated key.Documentation updates:
README.md: Instructions were added on how to generate a secret key for a Django project using the newsecretgen.pyscript.