Put Secrets in Environment Variables

Secrets like Django’s SECRET_KEY don’t belong in a container image or a public repository. They need to be handled in a way that protects them from being revealed. With containers, the most common way to do that is to put secrets in environment variables. This lab will show you how to use an environment variable in Python.

Edit Django’s Configuration

Django’s configuration is Python code, where using environment variables isn’t quite as easy as in the shell. Edit your mysite/config.py file and add the following line at the top, near the other import statements:

import os


Now find the line that looks like this:

SECRET_KEY = 'django-insecure-@o71s+_^+tm0*33j7gv3xrjjtue5)z55sjg40urg(7pu*8kl)5'


And change it to this:

SECRET_KEY = os.environ['SECRET_KEY']


If you try to start Django now you should see an error:

$ python3 ./manage.py runserver
Traceback (most recent call last):
  File "/home/maximus/lifealgorithmic-web/work/cis-92/django/mysite/./manage.py", line 22, in <module>
    main()
  File "/home/maximus/lifealgorithmic-web/work/cis-92/django/mysite/./manage.py", line 18, in main
    execute_from_command_line(sys.argv)
  File "/home/maximus/.local/lib/python3.10/site-packages/django/core/management/__init__.py", line 446, in execute_from_command_line
    utility.execute()
  File "/home/maximus/.local/lib/python3.10/site-packages/django/core/management/__init__.py", line 386, in execute
    settings.INSTALLED_APPS
  File "/home/maximus/.local/lib/python3.10/site-packages/django/conf/__init__.py", line 92, in __getattr__
    self._setup(name)
  File "/home/maximus/.local/lib/python3.10/site-packages/django/conf/__init__.py", line 79, in _setup
    self._wrapped = Settings(settings_module)
  File "/home/maximus/.local/lib/python3.10/site-packages/django/conf/__init__.py", line 190, in __init__
    mod = importlib.import_module(self.SETTINGS_MODULE)
  File "/usr/lib/python3.10/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1050, in _gcd_import
  File "<frozen importlib._bootstrap>", line 1027, in _find_and_load
  File "<frozen importlib._bootstrap>", line 1006, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 688, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 883, in exec_module
  File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed
  File "/home/maximus/lifealgorithmic-web/work/cis-92/django/mysite/mysite/settings.py", line 24, in <module>
    SECRET_KEY = os.environ['SECRET_KEY']
  File "/usr/lib/python3.10/os.py", line 679, in __getitem__
    raise KeyError(key) from None
KeyError: 'SECRET_KEY'

Set an Environment Variable in Docker

You should already know how to set an environment variable in the shell. But variables set in your local shell don’t affect Docker containers. Rebuild your container on your dev box with the new code:

$ docker build -t mysite .


Now run the new container and set an environment variable:

$ docker run -it --rm -e SECRET_KEY=django-super-secret-key -p 8080:8000 mysite
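
The following is an added example, not part of the original lab and not Django's own code. It is a settings helper that reads SECRET_KEY from the environment, replaces the bare KeyError shown earlier with a readable startup error, and rejects weak values using the same thresholds as Django's security.W009 deployment check. The names load_secret_key, secret_key_problems, generate_secret_key and SecretKeyError are hypothetical.

```python
import os
import secrets

# Thresholds mirror Django's security.W009 check (python3 manage.py check --deploy).
MIN_LENGTH = 50
MIN_UNIQUE_CHARS = 5
INSECURE_PREFIX = "django-insecure-"


class SecretKeyError(RuntimeError):
    """Raised at startup when SECRET_KEY is missing or too weak to use."""


def secret_key_problems(value):
    """Return a list of reasons the key is weak (an empty list means acceptable)."""
    problems = []
    if value.startswith(INSECURE_PREFIX):
        problems.append("starts with the auto-generated 'django-insecure-' prefix")
    if len(value) < MIN_LENGTH:
        problems.append(f"is {len(value)} characters long, need at least {MIN_LENGTH}")
    if len(set(value)) < MIN_UNIQUE_CHARS:
        problems.append(f"has fewer than {MIN_UNIQUE_CHARS} unique characters")
    return problems


def load_secret_key(environ=os.environ, name="SECRET_KEY"):
    """Read the key from the environment and fail closed with a readable message."""
    value = environ.get(name)
    if not value:
        raise SecretKeyError(f"{name} is not set; pass it with 'docker run -e {name}=...'")
    problems = secret_key_problems(value)
    if problems:
        # Report only why the value was refused, never the secret itself.
        raise SecretKeyError(f"{name} " + "; ".join(problems))
    return value


def generate_secret_key():
    """Create a random key that passes the checks above (67 URL-safe characters)."""
    return secrets.token_urlsafe(50)


if __name__ == "__main__":
    # Constructed sample environments: unset, the lab's docker run value, a fresh key.
    samples = ({}, {"SECRET_KEY": "django-super-secret-key"}, {"SECRET_KEY": generate_secret_key()})
    for env in samples:
        try:
            load_secret_key(env)
            print("ok")
        except SecretKeyError as exc:
            print("refused:", exc)
```

In the settings module the assignment would become SECRET_KEY = load_secret_key(). The sample value django-super-secret-key from the docker run command is refused as too short, so generate a longer key for anything beyond this lab.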