Code-Apprentice

Reputation: 83527

Google OAuth with Django

I am following How to sign in with the Google+ API using Django? to use Google Sign In for my Django app. I am on the step that says

Add the SOCIAL_AUTH_GOOGLE_OAUTH2_KEY and SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET settings with the client key and secret you created earlier.

I am wary of adding these directly to settings.py because they will then be committed to my git repo. How can I make these values available in my app without exposing them unnecessarily?

I think environment variables are common for this purpose. I also see that I can download a JSON file from my Google Developer Console.

Upvotes: 1

Views: 124

Answers (1)

VonC

Reputation: 1324248

As mentioned here, the idea is to only version a template for settings.py, not the actual file (with its secret values).

For that, I prefer using a content filter driver, as I describe here.
That would automatically generate your settings.py with the correct values on git checkout.
All you need to do then is figure out where you want to fetch those sensitive values from. For instance, an online HashiCorp Vault.

Upvotes: 1
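One way to implement the content filter driver described in the answer above, as an added example that is not code from the answer or the posts it links to. The filter name `djsecrets`, the script name `secrets_filter.py`, the `@@NAME@@` placeholder syntax and the use of environment variables as the value source (standing in for a Vault lookup) are assumptions.

```python
#!/usr/bin/env python3
"""Git content filter for settings.py (added example; names are assumptions).

Wire it up once per clone:
  git config filter.djsecrets.smudge "python3 secrets_filter.py smudge"
  git config filter.djsecrets.clean  "python3 secrets_filter.py clean"
  echo "settings.py filter=djsecrets" >> .gitattributes
"""
import os
import re
import sys

# Setting names from the question; the @@NAME@@ placeholder form is an assumption.
SECRET_NAMES = ("SOCIAL_AUTH_GOOGLE_OAUTH2_KEY", "SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET")


def smudge(text, source=os.environ):
    """Checkout direction: replace each @@NAME@@ placeholder with its real value."""
    for name in SECRET_NAMES:
        placeholder = f"@@{name}@@"
        if placeholder not in text:
            continue
        if name not in source:
            # Fail closed: never write a half-filled settings.py to the work tree.
            raise KeyError(f"no value available for {name}")
        text = text.replace(placeholder, source[name])
    return text


def clean(text):
    """Commit direction: restore the placeholder so no secret is ever staged."""
    for name in SECRET_NAMES:
        # Matches NAME = '<anything>' or NAME = "<anything>" on a single line
        # (values containing the quote character itself are not handled).
        pattern = re.compile(rf"^([ \t]*{name}[ \t]*=[ \t]*)(['\"]).*?\2", re.MULTILINE)
        text = pattern.sub(rf"\g<1>\g<2>@@{name}@@\g<2>", text)
    return text


if __name__ == "__main__":
    # Git pipes the file content through stdin/stdout for both directions.
    action = {"smudge": smudge, "clean": clean}[sys.argv[1]]
    sys.stdout.write(action(sys.stdin.read()))
```

The `clean` direction is what keeps the repository safe: `git diff` and `git add` see the placeholder form even though the working copy holds the real values.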
