
I apologize if this is a duplicate question but I can't find an answer online. In Django Checklist Docs I see the following to keep secret key secure.

with open('/etc/secret_key.txt') as f:
    SECRET_KEY = f.read().strip()

My project is deployed with AWS EBS.

I've created a separate file called "secret_key.txt" which holds the key. How is this more secure than keeping the key in the settings.py config file? If someone can access my project's settings.py file to access the key, would they not be able to access the "secret_key.txt" file as well? How is creating a "secret_key.txt" file more secure?

I've checked Google and Stack Overflow for reasoning but can't find an answer. Currently all sensitive information is protected using a .env file and including this file in .gitignore.

Usually static secret text files are in a directory that is not accessible by the server, but only programs running on the server, so knowing the file name wouldn't help a person get access. Commented Nov 14, 2022 at 22:49

1 Answer


You usually add that file to the .gitignore, such that the file is not part of the (GitHub) repository. This means that you can add (other) settings in the project, and you load "sensitive" settings through environment variables, or files.

This hackernoon post, for example, discusses four ways to define sensitive variables such that these are not defined in files that you add to the subversioning system.

Usually it is advisable to include a settings.py in the project, however, stripped of sensitive data. That way a peer can easily set up the project with all the other (required) settings, and thus only has to define a limited number of sensitive variables to get the project running.

I think however using an environment variable might be better, since it is probably easier to specify this, and thus to manage a number of processes that all might work with different values.
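The pattern the answer and the comment above describe, as an added example that is not from the question, the answer or the Django project: read SECRET_KEY from an environment variable first, fall back to a secrets file, refuse a secrets file that other OS users can read (the file-permission point made in the comment), and fail loudly when neither source is set rather than silently running with a default. The variable name DJANGO_SECRET_KEY, the ImproperlyConfigured class and the sample key are assumptions constructed for this example.

```python
import os
import stat
import tempfile


class ImproperlyConfigured(Exception):
    """Raised when no usable secret is found (name chosen to match Django's)."""


def secret_file_is_private(path):
    """True when the file grants no permissions to group or others.

    A secrets file kept out of the web root and out of the repository only
    helps if the OS also restricts who may read it (e.g. mode 0600).
    """
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & 0o077 == 0


def load_secret_key(env=None, secret_file=None, require_private_file=True):
    """Return the secret key from the environment, else from a file.

    env: mapping to read from (defaults to os.environ). DJANGO_SECRET_KEY is
    an assumed variable name, not one the page specifies.
    secret_file: path to a file holding only the key, like the
    /etc/secret_key.txt example quoted in the question.
    Raises ImproperlyConfigured instead of falling back to a hard-coded key.
    """
    if env is None:
        env = os.environ
    value = env.get("DJANGO_SECRET_KEY", "").strip()
    if value:
        return value
    if secret_file and os.path.exists(secret_file):
        if require_private_file and not secret_file_is_private(secret_file):
            raise ImproperlyConfigured(
                f"{secret_file} is readable by other users; restrict it to 0600")
        with open(secret_file) as f:
            value = f.read().strip()
        if value:
            return value
    raise ImproperlyConfigured(
        "Set DJANGO_SECRET_KEY or provide a secrets file; no default is used")


def demo():
    """Exercise the four paths on constructed input; returns a summary dict."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "secret_key.txt")
        with open(path, "w") as f:
            f.write("constructed-example-key-not-for-use\n")  # constructed sample
        os.chmod(path, 0o600)
        from_env = load_secret_key({"DJANGO_SECRET_KEY": "env-wins "}, path)
        from_file = load_secret_key({}, path)
        os.chmod(path, 0o644)  # now group/world readable: must be rejected
        try:
            load_secret_key({}, path)
            world_readable_rejected = False
        except ImproperlyConfigured:
            world_readable_rejected = True
        try:
            load_secret_key({}, None)
            missing_rejected = False
        except ImproperlyConfigured:
            missing_rejected = True
        return {
            "from_env": from_env,
            "from_file": from_file,
            "world_readable_rejected": world_readable_rejected,
            "missing_rejected": missing_rejected,
        }


if __name__ == "__main__":
    print(demo())
```

In a real settings.py the call would be `SECRET_KEY = load_secret_key(secret_file="/etc/secret_key.txt")`; the environment variable takes precedence so that several processes on one host can run with different keys, which is the advantage the answer gives for environment variables.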
