Git/Heroku - How to hide my SECRET_KEY? - python

I'm using Python and Django to create a Heroku web app and Heroku gives me this error after the command 'git push heroku master': ModuleNotFoundError: No module named 'dlist.secret_settings' when attempting to do this:
#settings.py
from .secret_settings import *
# from secret_settings.py import * doesn't work for some reason.
Here is what secret_settings.py (which is in the same folder as settings.py) contains:
#secret_settings.py
SECRET_KEY = 'string here'
The problem is, this works when I test my web app on my local server (i.e. http://127.0.0.1:8000/), but it's not working when I push these changes to Heroku. All I want to do is hide my SECRET_KEY, per others' advice, as you can see. I've looked at others' suggestions and I can't seem to figure it out, choosing this method because it was understandable. Very frustrating. Beginner friendly answers/steps are greatly appreciated.

I'm guessing you've configured Git to ignore secret_settings.py. That's the only reason I can think of to create a separate file.
Heroku deploys are powered by Git. Since secret_settings.py isn't tracked by Git it doesn't get pushed to Heroku. You could add the file to your repository, but that would defeat the purpose of having a separate untracked file in the first place.
The solution is to use an environment variable. This is well-supported on Heroku.
In your settings.py file, set your SECRET_KEY using os.getenv() like this:
import os
SECRET_KEY = os.getenv('SECRET_KEY', 'Optional default value')
This tells Django to load your SECRET_KEY setting from an environment variable called SECRET_KEY. If no such environment variable exists it will fall back to the optional default value. On your development machine it's probably fine to use the default.
Finally, set the SECRET_KEY environment variable on Heroku. You can do this by running heroku config:set SECRET_KEY="YOUR_SECRET_KEY_VALUE" on your development machine, or via Heroku's web-based dashboard.
Your secret_settings.py file is no longer required.

Related

Best practice to deploy and reference files in gitignore

I'm trying to deploy a Django app on Heroku. As recommended for security, I don't want to commit and push my secret key from the settings.py file, so I put the key in a separate file and imported it into settings.py. I put my file containing the secret key into .gitignore so that it doesn't get committed.
Now the problem is when I'm pushing to Heroku, I get a ModuleNotFoundError - which makes sense because this file was never committed. Is there a workaround or best practice to use secret keys without exposing them?
It seems you noticed what happened when you excluded the file: it's not there and this is exactly how the security is achieved. The obvious problem now is how does the program get access to the data anyway.
On Heroku, this is handled by setting environment variables on your app that you will then read out when initializing your program -- how this is done differs between programming languages.
So either go to https://dashboard.heroku.com/apps/<your-app>/settings and set the variables there, or utilize the command-line tool like this:
heroku config:set KEY=value -a your-app
The next question then is how you handle this for local development. A simple solution could be to check for the existence of the git-ignored file, and if it exists use it, otherwise read the values from the environment.
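
Added example, not part of the original posts: one way to implement the "git-ignored file first, otherwise environment" lookup described above, failing closed instead of falling back to a default value as in the first answer. The file name `.secret_key`, the function names and the exception class are assumptions made for this sketch; the strength thresholds mirror Django's `check --deploy` warning for SECRET_KEY.

```python
import os
from pathlib import Path

# Thresholds mirror Django's `check --deploy` SECRET_KEY warning (security.W009).
MIN_LENGTH = 50
MIN_UNIQUE_CHARS = 5
INSECURE_PREFIX = "django-insecure-"


class SecretKeyError(RuntimeError):
    """Raised instead of silently falling back to a guessable key."""


def is_strong(key):
    return (
        len(key) >= MIN_LENGTH
        and len(set(key)) >= MIN_UNIQUE_CHARS
        and not key.startswith(INSECURE_PREFIX)
    )


def load_secret_key(local_file, environ=None, debug=False):
    """Use the git-ignored file if it holds a key, else the environment."""
    environ = os.environ if environ is None else environ
    path = Path(local_file)
    key, source = "", ""
    if path.is_file():
        key, source = path.read_text(encoding="utf-8").strip(), str(path)
    if not key:
        key, source = environ.get("SECRET_KEY", ""), "environment variable SECRET_KEY"
    if not key:
        raise SecretKeyError("SECRET_KEY not set: create the local file or set the variable")
    # A weak key is tolerated only for local development (debug=True).
    # The key itself is never included in the error message.
    if not debug and not is_strong(key):
        raise SecretKeyError(f"SECRET_KEY from {source} is too weak for production")
    return key


# In settings.py (hypothetical file name, listed in .gitignore):
# SECRET_KEY = load_secret_key(BASE_DIR / ".secret_key", debug=DEBUG)
```

On Heroku the file is absent, so the value set with `heroku config:set` is used; a missing or placeholder key stops the app at startup rather than running with a known value.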

I added a SECRET_KEY config variable to my Django app on Heroku but now it won't work locally

I changed my secret key to an environment variable on my Heroku app. I changed it because I found out that keeping the secret key in settings.py was a security risk.
However, now it won't work locally when I use python manage.py runserver. It gives an error about the secret key.
How do I fix it so I can develop my Heroku app locally?
You can export your secret key as an environment variable locally.
export SECRET_KEY=mysecretkey
./manage.py runserver
Or you could change your settings.py to use a hardcoded secret key in DEBUG mode. If you do this, make sure you are running with DEBUG = False on Heroku.
import os
if DEBUG:
    SECRET_KEY = 'mysecretkey'
else:
    SECRET_KEY = os.environ['SECRET_KEY']
You have to set your environmental variables in your development environment.
Windows
Go to Computer > Properties > Advanced System Settings.
Go to the Advanced tab, and at the bottom there is an Environment Variables... button.
In there you can edit the variables as you like.
Linux
Edit /etc/environment to include:
SECRET_KEY=<yoursecretkey>
or
You should be using a virtual environment to isolate your system Python installation from your different projects (it solves conflicting version requirements) and to make deployment easier. Virtualenv Tutorial
To activate your virtual environment when you want to use it there is a shell script located at <your_virtualenv>/bin/activate that handles changing all the environmental variables that make the virtual environment work.
Add:
SECRET_KEY='<yoursecretkey>'
export SECRET_KEY
to the bottom of the activate file and when it is run it will add (export) the environmental variable.
I had a bit of trouble working this out too, found my answer here: Set up your local environment variables
If you are using heroku local to develop locally, this might work for you. I just needed to include this line in an .env file placed in the top directory with my Procfile:
SECRET_KEY = 'yourkey'
And in settings.py:
import os
SECRET_KEY = os.environ.get('SECRET_KEY')
This works great for me. Otherwise if for whatever reason you aren't using heroku local, maybe you could try importing your key from another file when working locally (and placing this file in your gitignore), and swapping back to the heroku config variable for deployment.

Am I supposed to create a file use .env or os.py to store my secret key

I am ready to deploy my project. Everything I learned is on my own and I am confused about the SECRET_KEY placement. As stated above, am I supposed to create a file use, .env or os.py to store my SECRET_KEY? It's not too clear to me and none of my tutorials mention this.
EDIT I plan on hosting on heroku
Since you are hosting on Heroku, you shouldn't manually create a file on your server to store the SECRET_KEY, since it will be deleted on server restart. I would use Heroku environment variables, which can be set from your command line:
heroku config:set SECRET_KEY=some_very_secret_key
You can then easily read it in your Django settings:
import os
SECRET_KEY = os.environ['SECRET_KEY']
For more details see: https://devcenter.heroku.com/articles/config-vars

Django: Push app from local server to production server via FTP

This is a bit embarrassing, but I'm a Django noob and I couldn't find a simple solution to this:
I have written a Django app in a local VM that I now want to deploy to a "production" server. App works like a charm locally.
Now my IT colleague has set up the server with Django and that also works fine. I can open it via the Web and I get the usual "Congratulations on your first Django-powered page". I can also log into the admin interface. The project has been created.
This is a very low-key mini project and I'm not too familiar with git, so we've decided to just push files via FTP. (And I want to stick with that if at all possible.) So I uploaded the app folder into the project folder and also adjusted the project's settings.py and urls.py.
However, nothing seems to be happening on the server's end. The welcome page is the same, the app does not show up in the admin interface and the URLs won't be resolved as hoped.
Any suggestions what I should have done / done differently?
You need to restart apache or whatever is running your django project. Your changes to py files are cached when you first load your server config (settings).
Any suggestions what I should have done / done differently?
You should be using git/jenkins/deployment techniques. I know you said you've decided not to use it, but you're going to be missing out on important things like being able to keep track of changes and unit testing.

Heroku: UserWarning: Using settings.DEBUG leads to a memory leak, never use this setting in production environments

How do I use my production settings with heroku? This is my first attempt at any project deployment that I created ever, so I may be doing things completely wrong. I have a settings.py file and a settings_production file, but I can't seem to figure out how to get the production settings to work. I tried changing my manage.py from
"DJANGO_SETTINGS_MODULE", "myproject.settings"
to
"DJANGO_SETTINGS_MODULE", "myproject.settings_production"
then using the commands
git add .
git commit -m "production settings"
and I have also just tried changing DEBUG to False in my settings.py file. How do you commit changes to your settings in heroku or point to the correct file? I was able to get through the tutorial successfully, but I have not had luck trying to deploy my project. Also, should there be code that I add to manage.py that checks if it is a production or develop environment and uses the correct settings file accordingly, or do I manually change it? Still learning so I could be doing it completely wrong. Thanks for any help.
In Heroku, you can configure environment variables - they are called config vars.
The DJANGO_SETTINGS_MODULE environment variable should be set to myproject.settings_production.
Your manage.py is probably not being run in Heroku (there are other ways to run a Django app), which is why your change didn't work.
