This article is 2nd of Let's learn Django together in which we created a virtual environment and started a simple Diary project.
At one point, we would like to make our application live. Or at least to show the code to someone. Or simply have the history of our changes. Or store our code somewhere online. We can do it using a control version. The most popular version control system is called Git, and the most popular hosting provider is GitHub.
Part 2: How to prepare project before adding Git (version control)
Content
Step 1: Create .gitignore file
The file should be created in the main folder. There we write titles of all files we don't want to add to Git and push on GitHub. We usually don't want to have files with our virtual environment or settings for our code editor. We shouldn't store media files on GitHub (if we were adding them to our local database and don't want to have them live) as well as our local database. We can generate a .gitignore file using a gitignore.io website and copy it into our .gitignore
Step 2: Install python-decouple
python-decouple is the library that separates the instance settings from code and allows to make changes in settings without redeploying the application. By instance settings, I mean all the secrets like secret_key, your database settings and passwords to your database or your Amazon S3 bucket and so on.
We need only an additional file called: .env and then we don't need different types of setting files (at least in a small app like the one we are building)
Let's install the python-decouple library. (https://pypi.org/project/python-decouple/) First, we need to make sure that we have our virtual environment activated. If not, we need to do it now:
pipenv shell
Be careful because python-decouple or decouple are not the same. There is also django-decouple library, but it isn't supported any longer.
pipenv install python-decouple
Now we can create a .env file. It also should be in the main folder.
Step 3: Store all sensitive data in .env file
What should we store in .env file?
Secret key:
We can start with storing there SECRET_KEY, that was generated when we were creating our project and we can find it in the website/settings.py file. Of course, everyone needs to use the secret key from their own application, not the one I'm posting below.
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY="u*all#5570^61u-*02l5m2f#sjs$^bq=z7$^5)pen^#)0yb#^%"
Debug
Another variable is DEBUG. As we can read in settings, we shouldn't have DEBUG = True when we want to have our application live. It is an excellent tool to use locally. It allows us to see errors we made in our code and more easily find them and also find the solutions. Thanks to it, our media and static will also be applied locally.
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True
But on production, it can lead to leaks of information like local variables, settings, libraries used and so on. So it is useful to set DEGUB to False on production and to True locally. We can do it adding DEBUG=True to .env file.
At the moment, we are storing only 2 variables in our .env file. While building the project, we may add some more things there.
Step 4: How to use python-decouple in settings.py file
Now we need to import config object from decouple library in settings.py
Let's add from decouple import config
at the top of the file (even though the library is called python-decouple).
And then, we have to change our configuration parameters using config like this:
SECRET_KEY = config('SECRET_KEY')
DEBUG = config('DEBUG', default=False, cast=bool)
Now we can initialize Git and push our code on GitHub or GitLab or Bitbucket. The instruction to install Git: https://www.atlassian.com/git/tutorials/install-git
Step 5: How to change Secret Key
You should never push your SECRET_KEY on GitHub.
But if you did it, there is always a possibility to generate a new secret key. You can use a tool like this: https://djecrety.ir/ or you can run this command in your command line:
python -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())'
And add generated key to the .env file remembering about using only config('SECRET_KEY') in settings.py file.
In this part we:
- Created .gitingore file
- Installed python-decouple library
- Created .env file and stored there our secret key
- Used config object from decouple library to link variables from .env file with settings.py
- Learned how to create a new secret key if needed.
Commands used in the terminal (specific for Python/Django project)
pipenv shell
pipenv install python-decouple
In my next article I will write about adding an app to a Django project and about using templates (html files)
Top comments (1)
Cool guide I really want to ready more Python articles.