From 69e62af98fb48451f9953f1fc00a66ad6e246543 Mon Sep 17 00:00:00 2001 From: Benjamin Bertrand <benjamin.bertrand@esss.se> Date: Fri, 14 Sep 2018 13:24:16 +0200 Subject: [PATCH] Allow to pass sensitive variables via the environment WARNING! To pass the SECRET_KEY as en env variable, you should use base64 encoding as the key is supposed to be a random string of bytes. --- app/settings.py | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/app/settings.py b/app/settings.py index 7cb81e0..c9db033 100644 --- a/app/settings.py +++ b/app/settings.py @@ -9,16 +9,19 @@ This module implements the app default settings. :license: BSD 2-Clause, see LICENSE for more details. """ +import base64 import os import raven from pathlib import Path from datetime import timedelta -SQLALCHEMY_DATABASE_URI = "postgresql://ics:icspwd@postgres/csentry_db" +SQLALCHEMY_DATABASE_URI = os.environ.get( + "SQLALCHEMY_DATABASE_URI", "postgresql://ics:icspwd@postgres/csentry_db" +) SQLALCHEMY_TRACK_MODIFICATIONS = False BOOTSTRAP_SERVE_LOCAL = True SECRET_KEY = ( - os.environ.get("SECRET_KEY") + base64.b64decode(os.environ.get("SECRET_KEY", "")) or b"\x0d\x11{\xd3\x13$\xeeel\xa6\xfb\x1d~\xfd\xb2\x9d\x16\x00\xfb5\xd64\xd4\xe0" ) @@ -37,8 +40,8 @@ LDAP_HOST = "esss.lu.se" LDAP_BASE_DN = "DC=esss,DC=lu,DC=se" LDAP_USER_DN = "OU=ESS Users" LDAP_GROUP_DN = "" -LDAP_BIND_USER_DN = "ldapuser" -LDAP_BIND_USER_PASSWORD = "secret" +LDAP_BIND_USER_DN = os.environ.get("LDAP_BIND_USER_DN", "ldapuser") +LDAP_BIND_USER_PASSWORD = os.environ.get("LDAP_BIND_USER_PASSWORD", "secret") LDAP_USER_RDN_ATTR = "cn" LDAP_USER_LOGIN_ATTR = "sAMAccountName" LDAP_ALWAYS_SEARCH_BIND = True 
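Review bot: In the new `SECRET_KEY` expression, an unset, empty or badly encoded `SECRET_KEY` variable still falls through `or` to the byte string committed in this file, so a deployment with a missing or mistyped variable starts silently with a key anyone can read from the repository. `base64.b64decode` without `validate=True` discards characters outside the base64 alphabet instead of rejecting them, so a malformed value can decode to a shorter key than intended, or to `b""`, which triggers the fallback. I would decode with `base64.b64decode(os.environ["SECRET_KEY"], validate=True)` when the variable is set, and raise at import time outside development when it is not. The same fallback pattern applies to the `SQLALCHEMY_DATABASE_URI` default, which keeps the `ics:icspwd` credentials in source, and to `LDAP_BIND_USER_PASSWORD` in the next hunk, whose `"secret"` default only surfaces as a failed bind at runtime. A short comment above these settings, such as `# Defaults are for local development only; production must set these variables`, would make the intent explicit.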
@@ -88,6 +91,6 @@ VIOC_MEMORY_CHOICES = [2, 4, 8] # Sentry integration CSENTRY_RELEASE = raven.fetch_git_sha(Path(__file__).parents[1]) # Leave to empty string to disable sentry integration -SENTRY_DSN = "" +SENTRY_DSN = os.environ.get("SENTRY_DSN", "") SENTRY_USER_ATTRS = ["username"] SENTRY_CONFIG = {"release": CSENTRY_RELEASE} -- GitLab