Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change Django secret key to make it more obvious it's a shim value #3422

Merged
merged 1 commit into from
Dec 5, 2023
Merged

Change Django secret key to make it more obvious it's a shim value #3422

merged 1 commit into from
Dec 5, 2023

Conversation

AetherUnbound
Copy link
Collaborator

Description

This PR makes a quick change to the config for the local application to make it clear that the secret key which is used is not an erroneously exposed value used in live environments.

Testing Instructions

  1. Change the key in your api/.env file locally if you have one
  2. just a and check that the API is accessible & searchable at http://localhost:50270

Checklist

  • My pull request has a descriptive title (not a vague title likeUpdate index.md).
  • My pull request targets the default branch of the repository (main) or a parent feature branch.
  • My commit messages follow best practices.
  • My code follows the established code style of the repository.
  • I added or updated tests for the changes I made (if applicable).
  • I added or updated documentation (if applicable).
  • I tried running the project locally and verified that there are no visible errors.
  • I ran the DAG documentation generator (if applicable).

Developer Certificate of Origin

Developer Certificate of Origin 
Developer Certificate of Origin
Version 1.1

Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
1 Letterman Drive
Suite D4700
San Francisco, CA, 94129

Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.


Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I
    have the right to submit it under the open source license
    indicated in the file; or

(b) The contribution is based upon previous work that, to the best
    of my knowledge, is covered under an appropriate open source
    license and I have the right under that license to submit that
    work with modifications, whether created in whole or in part
    by me, under the same open source license (unless I am
    permitted to submit under a different license), as indicated
    in the file; or

(c) The contribution was provided directly to me by some other
    person who certified (a), (b) or (c) and I have not modified
    it.

(d) I understand and agree that this project and the contribution
    are public and that a record of the contribution (including all
    personal information I submit with it, including my sign-off) is
    maintained indefinitely and may be redistributed consistent with
    this project or the open source license(s) involved.

@AetherUnbound AetherUnbound requested a review from a team as a code owner November 30, 2023 21:47
@AetherUnbound AetherUnbound added 🟩 priority: low Low priority and doesn't need to be rushed 📄 aspect: text Concerns the textual material in the repository 🧰 goal: internal improvement Improvement that benefits maintainers, not users 🧱 stack: api Related to the Django API labels Nov 30, 2023
krysal
krysal approved these changes Dec 1, 2023
View reviewed changes
api/env.docker
@@ -1,7 +1,7 @@
PYTHONUNBUFFERED=0

DJANGO_SETTINGS_MODULE=conf.settings
DJANGO_SECRET_KEY="ny#b__$$f6ry4wy8oxre97&-68u_0lk3gw(z=d40_dxey3zw0v1"
DJANGO_SECRET_KEY=example_key
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Making it a reminder to change it would be nice too.

Suggested change
DJANGO_SECRET_KEY=example_key
DJANGO_SECRET_KEY=example_key_CHANGE_IT_IN_PRODUCTION

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can also update settings.py to raise an error if it's unchanged.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the suggestion, and I like that idea @dhruvkb! I'll add an issue for it :)

dhruvkb
dhruvkb approved these changes Dec 1, 2023
View reviewed changes
Copy link
Member

@dhruvkb dhruvkb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, with a suggestion for additional safety.

api/env.docker
@@ -1,7 +1,7 @@
PYTHONUNBUFFERED=0

DJANGO_SETTINGS_MODULE=conf.settings
DJANGO_SECRET_KEY="ny#b__$$f6ry4wy8oxre97&-68u_0lk3gw(z=d40_dxey3zw0v1"
DJANGO_SECRET_KEY=example_key
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can also update settings.py to raise an error if it's unchanged.

@AetherUnbound AetherUnbound mentioned this pull request Dec 5, 2023
Closed
@AetherUnbound AetherUnbound merged commit cfdfd43 into main Dec 5, 2023
74 checks passed
@AetherUnbound AetherUnbound deleted the fix/use-shim-security-key branch December 5, 2023 15:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dhruvkb dhruvkb dhruvkb approved these changes

@obulat obulat obulat approved these changes

@krysal krysal krysal approved these changes

Assignees
No one assigned
Labels
📄 aspect: text Concerns the textual material in the repository 🧰 goal: internal improvement Improvement that benefits maintainers, not users 🟩 priority: low Low priority and doesn't need to be rushed 🧱 stack: api Related to the Django API
Projects
Openverse PRs
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@AetherUnbound @krysal @obulat @dhruvkb