Hi there, I'm following the guidelines by making sure the environment 
variables are stored outside of the settings.py files.

The project is "dockerised" and so the environment variables have been 
stored in files *docker-compose.yml* and *docker-compose-prod.yml*.

This includes things like the project's secret key, API keys, and database 
passwords.

*My question is:*
• Just because environment variables are stored in .yml files, won't they 
be equally insecure the moment I commit the project folder to a git repo 
(and especially if I push that repo to GitHub)?
e.g. the Secret Key will forevermore be stored in the git repo (in earlier 
versions, even if I later move it to another file in subsequent commits).

Is there an even more secure way of storing environment variables? Or am I 
overthinking it (as I'm the only developer and the GitHub repo is set to 
Private)?

Many thanks in advance for your help.

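Added example, not part of the original post: a check that could run before a commit and flags sensitive-looking variables in a compose file whose values are literals rather than `${VAR}` references filled in at run time from the host environment or an untracked `.env` file. The two sample files, the variable names and the name pattern are constructed for illustration.

```python
import re

# Constructed samples: literals inline, then the same services using references.
COMPOSE_INLINE = """\
services:
  web:
    build: .
    environment:
      - DEBUG=0
      - SECRET_KEY=constructed-not-a-real-key
      - MAIL_API_KEY=constructed-api-key
  db:
    image: postgres
    environment:
      POSTGRES_PASSWORD: "constructed-db-password"
"""

COMPOSE_REFERENCED = """\
services:
  web:
    build: .
    env_file: .env   # assumed to be listed in .gitignore
    environment:
      - SECRET_KEY=${SECRET_KEY}
  db:
    image: postgres
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
"""

SENSITIVE = re.compile(r"SECRET|PASSWORD|PASSWD|TOKEN|API_?KEY", re.I)
# Matches "- NAME=value" (list form) and "NAME: value" (mapping form).
ENTRY = re.compile(r"^\s*(?:-\s*)?([A-Za-z_]\w*)\s*[=:]\s*(.*?)\s*$")
# Only a bare $VAR or ${VAR}; ${VAR:-default} still embeds a literal.
REFERENCE = re.compile(r"^(\$\{[A-Za-z_]\w*\}|\$[A-Za-z_]\w*)$")

def inline_secrets(compose_text):
    """Return (line_number, name) for sensitive variables set to a literal."""
    findings = []
    for number, line in enumerate(compose_text.splitlines(), start=1):
        match = ENTRY.match(line.split(" #", 1)[0])  # ignore trailing comment
        if not match:
            continue
        name, value = match.group(1), match.group(2).strip("'\"")
        if not SENSITIVE.search(name) or name.upper().endswith("_FILE"):
            continue  # *_FILE variables hold a path, not the secret itself
        if value and not REFERENCE.match(value):
            findings.append((number, name))
    return findings
```

The check is line-based and heuristic: it does not parse YAML structure, and it only inspects the file as it is now, not earlier commits.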