From 202f979403435b6d3c0a2f868c0bf346f2ba1057 Mon Sep 17 00:00:00 2001 From: Emmy D'Anello Date: Sat, 13 Jan 2024 19:58:15 +0100 Subject: [PATCH] Put secret key in env settings, fix security issue Signed-off-by: Emmy D'Anello --- tfjm/settings.py | 2 +- tfjm/settings_prod.py | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/tfjm/settings.py b/tfjm/settings.py index 7c489ee..7268cec 100644 --- a/tfjm/settings.py +++ b/tfjm/settings.py @@ -29,7 +29,7 @@ ADMINS = [("Emmy D'Anello", "emmy.danello@animath.fr")] # See https://docs.djangoproject.com/en/3.0/howto/deployment/checklist/ # SECURITY WARNING: keep the secret key used in production secret! -SECRET_KEY = '6$wl1=ehfoiymin3m3i-wyx5d3t=1h7g4(j2izn*my)*yiq#he' +SECRET_KEY = os.getenv('DJANGO_SECRET_KEY', 'CHANGE_ME_IN_ENV_SETTINGS') # SECURITY WARNING: don't run with debug turned on in production! DEBUG = True diff --git a/tfjm/settings_prod.py b/tfjm/settings_prod.py index 013f43b..198b2c4 100644 --- a/tfjm/settings_prod.py +++ b/tfjm/settings_prod.py @@ -9,8 +9,6 @@ DEBUG = False # Mandatory ! ALLOWED_HOSTS = ['inscription.tfjm.org', 'plateforme.tfjm.org'] -SECRET_KEY = os.environ.get('DJANGO_SECRET_KEY', 'CHANGE_ME_IN_ENV_SETTINGS') - # Emails EMAIL_BACKEND = 'mailer.backend.DbBackend' MAILER_EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'