[英]How to escape SECRET_KEY in Django from environment file when generated SECRET_KEY begins with '$'?
In my Django project I have a .env
file that contains the SECRET_KEY
for the production settings.在我的 Django 项目中,我有一个
.env
文件,其中包含用于生产设置的SECRET_KEY
。
I generated the secret key by running a script from the command line (Here it just prints the generated key as an example).我通过从命令行运行脚本来生成密钥(这里它只是打印生成的密钥作为示例)。
python -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())'
It just so happens that a secret key was generated that started with a '$'
character.碰巧生成了一个以
'$'
字符开头的密钥。
My .env
file looked like this.我的
.env
文件看起来像这样。
DJANGO_SECRET_KEY=$*%0e@-7suq*h#2(srya8n&lhb(qy+73xj_db)tpq4qenknk2%
This is read in my production settings file in the following way这是通过以下方式在我的生产设置文件中读取的
import os
import environ
env = environ.Env()
# BASE_DIR is the root level directory of the project
env_file = os.path.join(BASE_DIR, '.env')
if os.path.exists(env_file):
environ.Env.read_env(env_file=env_file) # reading .env file
SECRET_KEY = env('DJANGO_SECRET_KEY')
When I run my Django project with this secret key I get the following error当我使用此密钥运行我的 Django 项目时,出现以下错误
django.core.exceptions.ImproperlyConfigured: Set the *%0e@-7suq*h#2(srya8n&lhb(qy+73xj_db)tpq4qenknk2% environment variable
Because of the '$'
character Django seems to think that the secret key value is an environment variable itself.由于
'$'
字符 Django 似乎认为密钥值本身就是一个环境变量。 This is understandable as environment variables in Bash have a '$'
prefix.这是可以理解的,因为 Bash 中的环境变量具有
'$'
前缀。
But when I try changing the.env file to但是当我尝试将 .env 文件更改为
DJANGO_SECRET_KEY='$*%0e@-7suq*h#2(srya8n&lhb(qy+73xj_db)tpq4qenknk2%'
or或者
DJANGO_SECRET_KEY="$*%0e@-7suq*h#2(srya8n&lhb(qy+73xj_db)tpq4qenknk2%"
I get the same error.我犯了同样的错误。
'$'
(that works in DJango using my production settings code)?'$'
密钥(使用我的生产设置代码在 DJango 中工作),我如何转义 an.env 文件中的 SECRET_KEY? django version: 3.0.3 django 版本:3.0.3
django-environ version: 0.4.5 django 环境版本:0.4.5
There seem to be two ways to solve this problem.似乎有两种方法可以解决这个问题。
The first is to be explcit about what is in your .env
file, using django_environ
:首先是使用
django_environ
.env
文件中的内容:
#.env
SECRET_KEY=(str, '$*%0e@-7suq*h#2(srya8n&lhb(qy+73xj_db)tpq4qenknk2%')
The other is to do as is indicated in the article linked to above ( https://dev.to/vladyslavnua/how-to-protect-your-django-secret-and-oauth-keys-53fl ), which effectively suggests that the same issue is present in django_environ
and dotenv
.另一种方法是按照上面链接的文章( https://dev.to/vladyslavnua/how-to-protect-your-django-secret-and-oauth-keys-53fl )中的说明进行操作,这有效地表明
django_environ
和dotenv
也存在同样的问题。
When retrieving the .env
value (using dotenv
):检索
.env
值时(使用dotenv
):
#settings.py
SECRET_KEY = str(os.getenv('SECRET_KEY'))
In both cases you are explicitly indicating to django that the values retrieved are strings.在这两种情况下,您都明确向 django 指示检索到的值是字符串。 You could potentially run into other issues like this, and need to be explicit about the data type returned:
您可能会遇到类似这样的其他问题,并且需要明确返回的数据类型:
#.env
DEBUG=(bool, True)
SOME_INT=(int, 1)
…
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.