chore: Remove SECRET_KEY from source control

- remove the SECRET_KEY from source control and use and environment variable to access it - update app.json file to pull the SECRET_KEY from staging
andela · Jan 30, 2019 · 45f53f7 · 45f53f7
1 parent 8f4e3dc
commit 45f53f7
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/app.json b/app.json
@@ -7,6 +7,9 @@
   "env": {
     "STAGING_DATABASE_URL": {
       "required": true
+    },
+    "SECRET_KEY": {
+      "required": true
     }
   },
   "formation": {},

diff --git a/authors/settings/base.py b/authors/settings/base.py
@@ -19,7 +19,7 @@
 # See https://docs.djangoproject.com/en/1.11/howto/deployment/checklist/
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = '7pgozr2jn7zs_o%i8id6=rddie!*0f0qy3$oy$(8231i^4*@u3'
+SECRET_KEY = os.environ.get('SECRET_KEY')
 
 # locations this application can be hosted
 ALLOWED_HOSTS = [".herokuapp.com", "127.0.0.1", "localhost"]