Allow to pass sensitive variables via the environment

WARNING! To pass the SECRET_KEY as en env variable, you should use
base64 encoding as the key is supposed to be a random string of bytes.

app/settings.py

@@ -9,16 +9,19 @@ This module implements the app default settings.
 :license: BSD 2-Clause, see LICENSE for more details.
 
 """
+import base64
 import os
 import raven
 from pathlib import Path
 from datetime import timedelta
 
-SQLALCHEMY_DATABASE_URI = "postgresql://ics:icspwd@postgres/csentry_db"
+SQLALCHEMY_DATABASE_URI = os.environ.get(
+    "SQLALCHEMY_DATABASE_URI", "postgresql://ics:icspwd@postgres/csentry_db"
+)
 SQLALCHEMY_TRACK_MODIFICATIONS = False
 BOOTSTRAP_SERVE_LOCAL = True
 SECRET_KEY = (
-    os.environ.get("SECRET_KEY")
+    base64.b64decode(os.environ.get("SECRET_KEY", ""))
     or b"\x0d\x11{\xd3\x13$\xeeel\xa6\xfb\x1d~\xfd\xb2\x9d\x16\x00\xfb5\xd64\xd4\xe0"
 )
 
@@ -37,8 +40,8 @@ LDAP_HOST = "esss.lu.se"
 LDAP_BASE_DN = "DC=esss,DC=lu,DC=se"
 LDAP_USER_DN = "OU=ESS Users"
 LDAP_GROUP_DN = ""
-LDAP_BIND_USER_DN = "ldapuser"
-LDAP_BIND_USER_PASSWORD = "secret"
+LDAP_BIND_USER_DN = os.environ.get("LDAP_BIND_USER_DN", "ldapuser")
+LDAP_BIND_USER_PASSWORD = os.environ.get("LDAP_BIND_USER_PASSWORD", "secret")
 LDAP_USER_RDN_ATTR = "cn"
 LDAP_USER_LOGIN_ATTR = "sAMAccountName"
 LDAP_ALWAYS_SEARCH_BIND = True
@@ -88,6 +91,6 @@ VIOC_MEMORY_CHOICES = [2, 4, 8]
 # Sentry integration
 CSENTRY_RELEASE = raven.fetch_git_sha(Path(__file__).parents[1])
 # Leave to empty string to disable sentry integration
-SENTRY_DSN = ""
+SENTRY_DSN = os.environ.get("SENTRY_DSN", "")
 SENTRY_USER_ATTRS = ["username"]
 SENTRY_CONFIG = {"release": CSENTRY_RELEASE}