Django 设置和 GitHub 操作秘密
[英]Django Settings and GitHub Action Secrets
问题描述
I have a Django project and am using a Postgres database.
我有一个Django项目,并且正在使用Postgres数据库。 I want to figure out a simpler way to store my credentials locally and on Github so that I can run tests in both places but where none of my sensitive info is in the git repo.我想找到一种更简单的方法来在本地和 Github 上存储我的凭据,这样我就可以在这两个地方运行测试,但我的敏感信息都不在 git 存储库中。
Even though the database only exists on my computer (and the Github test database only exists for about a minute at a time on GitHub) I want to use the best practice possible for SECRETS so when I do go live, I am all set.即使该数据库仅存在于我的计算机上(并且 Github 测试数据库在 GitHub 上一次仅存在大约一分钟),我想对 SECRETS 使用可能的最佳实践,所以当我进行go直播时,我已经准备好了。
Currently, the only sensitive data I have is database passwords.目前,我拥有的唯一敏感数据是数据库密码。 Here is how I am keeping my real passwords out of GitHub.这是我如何将我的真实密码保留在 GitHub 之外的方法。
settings.py (in Git): settings.py(在 Git 中):
VAR_1='abc'
VAR_2 = '123'
#DOES NOT INCLUDE DATABASE CONFIG
VAR_3 = 'efg'
# Add settings from local file into main settings
try:
from .localsettings import *
except ImportError:
import sys
print('localsettings not defined.')
localsettings.py (not in Git): localsettings.py(不在 Git 中):
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.postgresql_psycopg2',
'NAME': 'real-db-name',
'USER': 'real-user',
'PASSWORD': 'real-password',
'HOST': 'localhost',
'PORT': '',
}
}
testsettings.py (in Git): testsettings.py(在 Git 中):
# import main settings and then overright certian values
try:
from .settings import *
except ImportError:
import sys
print('settings not defined.')
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.postgresql_psycopg2',
'NAME': 'github-db-name',
'USER': 'github-db-user',
'PASSWORD': 'github-user-password',
'HOST': 'localhost',
'PORT': '',
}
}
With this setup I can run test normally locally python manage.py test but when I run them on Github I have to use python manage.py test --settings=path.to.testsettings使用此设置,我可以在本地正常运行测试python manage.py test但是当我在 Github 上运行它们时,我必须使用python manage.py test --settings=path.to.testsettings
Is there a way to store secrets locally similar to the way GitHub does so that I can just have one settings file and it will work locally and on GitHub?有没有一种类似于 GitHub 的方式在本地存储机密的方法,这样我就可以只有一个设置文件,它可以在本地和 GitHub 上工作?
1 个解决方案
解决方案1
0 2020-10-05 05:47:53
I would consider passing the secrets to Django config file from environment variables.我会考虑将秘密从环境变量传递给 Django 配置文件。 https://django-environ.readthedocs.io/en/latest/ https://django-environ.readthedocs.io/en/latest/
Then you have only to pass env variable with secrets to running container in Github actions.然后,您只需在 Github 操作中将带有秘密的 env 变量传递给正在运行的容器。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.