>>> On 9 May 2018 at 04:06, Vishnu <[email protected]> wrote:
>>>>
>>>> Hi
>>>>
>>>> And also I couldn't figure out any way to hide passwords/ Sensitive
>>>> information while creating app.
>
> Here's one way:
> https://ultimatedjango.com/learn-django/lessons/handling-sensitive-keys/
>
> Of course you need that information on the server where you are
> running the application, but the secrets and passwords should not be
> stored in a public repository.
> What I often do is create something like
> settings.py.sample
> or perhaps just
> secrets.py.sample
> and commit that one with a fake password to repository. Then, whoever
> wants to run the app, should first copy the file (removing the .sample
> extension), enter the correct secret data and only then run the app.
>
> Again: you do need to have this information stored somewhere, it just
> may not leak to a public repository. If you commit settings.py with
> fake passwords and correct the password on that one file, you might
> accidentally commit the change one day, so it's better to have a
> separate file.

I didn’t see it mentioned so I’ll suggest adding secrets.py to .gitignore.

For some Rails apps we used dotenv and I see they have it for Python.
https://github.com/theskumar/python-dotenv

Same here, add .env to .gitignore.

Regards,
Bradley Giesbrecht (pixilla)
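
The workflow discussed in this thread (a committed `.sample` file with fake values, a real file kept out of the repository via `.gitignore`) can be enforced with a startup check. The following is an added example, not code from the thread or from python-dotenv: it uses its own minimal `KEY=VALUE` parser, matches `.gitignore` lines exactly (no glob handling), and all key names and values are constructed.

```python
# Added example: hypothetical helper names, constructed sample data.
def parse_env(text):
    """Parse simple KEY=VALUE lines; skips blank lines and # comments."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        # Drop one pair of matching surrounding quotes, if present.
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        values[key.strip()] = value
    return values


def is_ignored(gitignore_text, filename):
    """True if filename is its own pattern line (exact match only)."""
    patterns = {l.strip().lstrip("/") for l in gitignore_text.splitlines()}
    return filename in patterns


def check_secrets(real_text, sample_text, gitignore_text, filename=".env"):
    """Return the problems that should stop the app from starting."""
    real, sample = parse_env(real_text), parse_env(sample_text)
    problems = []
    if not is_ignored(gitignore_text, filename):
        problems.append(f"{filename} is not listed in .gitignore")
    for key, fake in sample.items():
        if not real.get(key):
            problems.append(f"{key} is missing or empty")
        elif real[key] == fake:
            problems.append(f"{key} still has the sample value")
    return problems


# Constructed inputs: the committed sample, the local real file, .gitignore.
SAMPLE = "SECRET_KEY=changeme\nDB_PASSWORD=changeme\n"
REAL = "SECRET_KEY='k3-constructed-value'\nDB_PASSWORD=changeme\n"
GITIGNORE = "*.pyc\nsecrets.py\n"

if __name__ == "__main__":
    for problem in check_secrets(REAL, SAMPLE, GITIGNORE):
        print("refusing to start:", problem)
```

With the constructed inputs, the check reports that `.env` is missing from `.gitignore` and that `DB_PASSWORD` was never changed from the fake value in the sample file.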
