This one will be short and will be about keeping our sensitive data (passwords, secretkeys etc) in a secure place instead of settings.py.
I will create a new folder under /etc and name it as prj_movies_secret. Then create a file named config.json
cd /etc
sudo mkdir prj_movies_secret
sudo touch /etc/prj_movies_secret/config.json
Copy the SECRET_KEY from settings.py and paste in config.json like below. Note that we dont just copyand paste that line. This line is in the dictionary format like this("key" : "value"). Use colon insteadof equal symbol.
Then save it.
{
"SECRET_KEY":"pb))_wwhh_v=dda6nc@jimxec7(pm4!uswdfwf6n_*+-(2-mg"
}
Similarly, you can add other sensitive info from settings.py such as usernames, passwords etc
We need to edit our settings.py like below to let config file to work
add these lines just after import os as you see below.
import os
import json
with open('/etc/prj_movies_secret/config.json') as config_file:
config = json.load(config_file)
In Settings.py, modify the SECRET_KEY configuration like this. I need to declare that the value is in config file and add the dictionary key which I created in the config file
SECRET_KEY = config['SECRET_KEY']
If you are getting username or password info from that config file, you need to use config.get not config only
EMAIL_USER = config.get('EMAIL_USER')