Aby Sebastian

Reputation: 62

What are the steps to check before uploading a Django project to GitHub to secure the project?

When I uploaded my project to GitHub, it sent me an email saying that my secret key is exposed in the project.
So what are the things to check before uploading a Django project to GitHub?

Upvotes: 0

Views: 207

Answers (1)

Slam

Reputation: 8572

If your code follows best practices for modern web development, all sensitive information lives in the codebase and settings.py. Things to look for – signing secrets and hashing salt/pepper.

I would say, as a rule of thumb – you should never have a settings.py that you expect to use in production saved in a version control system (at least, unencrypted).

If you're trying to push development state, please explicitly change your secrets in settings.py to something obviously non-secret (like not-a-secret). Django generates quite "strong" secrets by default. I'd guess the GitHub analyzer is unhappy with that. Note, though, that changing secrets will affect a lot of areas – i.e. sessions or old password reset links will be invalid, etc.

As a related topic – please take a look at the deployment checklist.

Upvotes: 1
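A pre-push check in the spirit of the answer above, added here as an example and not part of the original answer or of Django itself: it parses a settings file with Python's `ast` module and reports sensitive settings bound to string literals, while allowing the `not-a-secret` placeholder and values read from the environment. The list of sensitive name fragments, the sample settings and the script name `check_settings.py` are assumptions made for illustration.

```python
import ast
import sys

# Name fragments treated as sensitive (an assumption; extend per project).
SENSITIVE = ("SECRET", "PASSWORD", "TOKEN", "API_KEY")
# Obvious non-secrets allowed in a committed development settings file.
PLACEHOLDERS = {"", "not-a-secret"}

# Constructed sample input, not taken from any real project.
SAMPLE_SETTINGS = '''
import os
SECRET_KEY = "constructed-example-value-0123456789"
DEBUG = True
EMAIL_HOST_PASSWORD = os.environ["EMAIL_HOST_PASSWORD"]
AUTH_PASSWORD_VALIDATORS = [{"NAME": "example.Validator"}]
DATABASES = {
    "default": {
        "ENGINE": "django.db.backends.postgresql",
        "PASSWORD": "constructed-db-password",
    }
}
'''

def _flagged(name, node):
    """True when a sensitive name is bound to a non-placeholder string literal."""
    if not any(tag in name.upper() for tag in SENSITIVE):
        return False
    return (isinstance(node, ast.Constant) and isinstance(node.value, str)
            and node.value not in PLACEHOLDERS)

def find_hardcoded_secrets(source):
    """Return sorted (line, name) pairs for literal secrets in settings source."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign):  # SECRET_KEY = "..."
            for target in node.targets:
                if isinstance(target, ast.Name) and _flagged(target.id, node.value):
                    findings.append((node.lineno, target.id))
        elif isinstance(node, ast.Dict):  # {"PASSWORD": "..."} inside DATABASES
            for key, val in zip(node.keys, node.values):
                if (isinstance(key, ast.Constant) and isinstance(key.value, str)
                        and _flagged(key.value, val)):
                    findings.append((val.lineno, key.value))
    return sorted(findings)

if __name__ == "__main__":
    # Usage: python check_settings.py path/to/settings.py (no path scans the sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SETTINGS
    hits = find_hardcoded_secrets(text)
    for line, name in hits:
        print(f"line {line}: {name} is a hard-coded string literal")
    sys.exit(1 if hits else 0)
```

The script exits non-zero when it finds a literal, so it can gate a commit or push hook; it reports only the setting name and line, never the value.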
