How to escape SECRET_KEY in Django from environment file when generated SECRET_KEY begins with '$'?

In my Django project I have a .env file that contains the SECRET_KEY for the production settings.

I generated the secret key by running a script from the command line (here it just prints the generated key as an example).

python -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())'

It just so happens that a secret key was generated that started with a '$' character.

My .env file looked like this.

DJANGO_SECRET_KEY=$*%0e@-7suq*h#2(srya8n&lhb(qy+73xj_db)tpq4qenknk2%

This is read in my production settings file in the following way:

import os
import environ

env = environ.Env()

# BASE_DIR is the root level directory of the project
env_file = os.path.join(BASE_DIR, '.env')
if os.path.exists(env_file):
    environ.Env.read_env(env_file=env_file) # reading .env file

SECRET_KEY = env('DJANGO_SECRET_KEY')

When I run my Django project with this secret key I get the following error:

django.core.exceptions.ImproperlyConfigured: Set the *%0e@-7suq*h#2(srya8n&lhb(qy+73xj_db)tpq4qenknk2% environment variable

Because of the '$' character Django seems to think that the secret key value is an environment variable itself. This is understandable as environment variables in Bash have a '$' prefix.

But when I try changing the .env file to

DJANGO_SECRET_KEY='$*%0e@-7suq*h#2(srya8n&lhb(qy+73xj_db)tpq4qenknk2%'

or

DJANGO_SECRET_KEY="$*%0e@-7suq*h#2(srya8n&lhb(qy+73xj_db)tpq4qenknk2%"

I get the same error.

How do I escape the SECRET_KEY in an .env file on the off chance a secret key is generated with a leading '$' (that works in Django using my production settings code)?


django version: 3.0.3

django-environ version: 0.4.5

This article here suggests to use pip to install dotenv and completely simplified the process of hiding the secret key. At least for beginners.

There seem to be two ways to solve this problem.

The first is to be explicit about what is in your .env file, using django_environ:

#.env
SECRET_KEY=(str, '$*%0e@-7suq*h#2(srya8n&lhb(qy+73xj_db)tpq4qenknk2%')

The other is to do as is indicated in the article linked to above (https://dev.to/vladyslavnua/how-to-protect-your-django-secret-and-oauth-keys-53fl), which effectively suggests that the same issue is present in django_environ and dotenv.

When retrieving the .env value (using dotenv):

#settings.py
import os
SECRET_KEY = str(os.getenv('SECRET_KEY'))

In both cases you are explicitly indicating to Django that the values retrieved are strings. You could potentially run into other issues like this, and need to be explicit about the data type returned:

#.env
DEBUG=(bool, True)
SOME_INT=(int, 1)
…
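
Added example, not part of the original question or answers and not django-environ's own code: a simplified model of the lookup the question reports (quotes stripped, a leading '$' followed as a reference to another variable), used to flag .env lines that would be misread, plus a generator that redraws any key starting with '$'. The function names and the quote-stripping rule are assumptions; the alphabet and length are those of Django's get_random_secret_key().

```python
import secrets

# Alphabet and length used by Django's get_random_secret_key().
KEY_CHARS = "abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)"
KEY_LENGTH = 50

# Constructed sample: the question's key in the three .env spellings it tried.
SAMPLE_KEY = "$*%0e@-7suq*h#2(srya8n&lhb(qy+73xj_db)tpq4qenknk2%"
SAMPLE_LINES = [
    f"DJANGO_SECRET_KEY={SAMPLE_KEY}",
    f"DJANGO_SECRET_KEY='{SAMPLE_KEY}'",
    f'DJANGO_SECRET_KEY="{SAMPLE_KEY}"',
]

def parse_env_line(line):
    """Split NAME=value and strip one pair of matching quotes (assumed rule)."""
    name, _, value = line.strip().partition("=")
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
        value = value[1:-1]
    return name, value

def lookup(name, environ):
    """Simplified model: a leading '$' means 'read this other variable'."""
    if name not in environ:
        raise KeyError(f"Set the {name} environment variable")
    value = environ[name]
    if value.startswith("$"):
        return lookup(value.lstrip("$"), environ)
    return value

def misread_lines(lines):
    """Return the .env lines whose value would be taken as a reference."""
    bad = []
    for line in lines:
        name, value = parse_env_line(line)
        try:
            lookup(name, {name: value})
        except KeyError:
            bad.append(line)
    return bad

def generate_env_safe_secret_key():
    """Draw keys from Django's alphabet until one does not start with '$'."""
    while True:
        key = "".join(secrets.choice(KEY_CHARS) for _ in range(KEY_LENGTH))
        if not key.startswith("$"):
            return key
```

Redrawing on a leading '$' only removes one of the 50 choices for the first character, so the key keeps essentially all of its randomness.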
