django - How to securely deploy environment settings via config file? -


i have removed api credentials , secret keys project's source code , repository , storing , applying them configuration file in local environment.

what best way deploy , apply settings production environment? first thought write script to:

  • upload configuration file local machine production server
  • read configuration file , apply settings on production server without logging settings or exposing them bash history
  • delete configuration file production server

aside potential snooping on internet traffic during upload, or local machine being compromised, there wrong approach?

this django project. using django-environ read / manage settings , fabric upload configuration file , remotely run commands during deployment server located on aws (i'm not interested in using elastic beanstalk).

thank you!

how make secure

there million ways of doing deployment semi-"securely" extremely hard (if not impossible) make secure. reason simple. code needs access sensitive information in order run. can obfuscate information as want if system gets compromised, intruder can inspect running processes hence extract sensitive information.

that being said, dont see fundamentally wrong using config file start app long follow standard deploy practices using different non-root user run app, etc.

best way deploy

i think 12 factor refactored apps considered best practice in industry. 3rd rule states pretty how should configure applications:

store config in environment

storing config in env variables makes super easy deploy same application in many environments without changing code. doing arguably not 100% secure think if take normal precautions running server different user, etc should fine in cases.

obviously depends on type of application. if application deals super-sensitive data, suggest investigate other methods on how deploy applications in security-strict environments. outside of scope of question , outside of knowledge-area maybe other smart people here @ able help.


Comments

Post a Comment

Popular posts from this blog

toolbar - How to add link to user registration inside toobar in admin joomla 3 custom component -

im trying write component admin side , need add user creation. dont want duplicate existing codes add link. know how add task not simple link toolbar. thx help. if wanting button opens new user screen can try in component: $bar = jtoolbar::getinstance('toolbar'); $bar->appendbutton('link', 'users', 'new user','index.php?option=com_users&task=user.add'); you need add view.html.php file wherever you're creating toolbar. is need?
Read more

linux - disk space limitation when creating war file -

i have 1 gb disk space limitation hosting app , have used 700mb of it. however want create war file directory big (around 600mb) using command : jar -cvf root.war folderpath that's why encounter quota limitation , can't following. i'm looking way delete folder content when it's applying archive conserve disk space take note can't install zip tool in ssh shell ~ the code works on test directories, test first anyway, deletes files. it's not efficient. assumptions: 300mb free space, in destructively compress 600mb folderpath directory. none of files big -- if file in folderpath 300mb or larger, fail. notes: if ' $out ' file exists, nothing. first find pipes file list while , if ' $out ' doesn't exist in loop, create it, don't update -- if does exist, update it. each pass adds 1 more file, deletes unless file directory. after loop finishes delete empty directories too. unset u ; in=folderpath ; out=roo...
Read more

How to provide Authorization & Authentication using Asp.net, C#? -

Image
i have asp.net application in c#. i have provide page authorization specific user/usergroup. i have created 2 tables in database: 1) pagename 2)permissions[insert, update, view, delete] but i'm unable match tables , permissions assigning... can 1 please me, how created tables in database , how coding. please me. you can below explanation. configure access specific file , folder, set forms-based authentication. request page in application redirected logon.aspx automatically. in web.config file, type or paste following code. this code grants users access default1.aspx page , subdir1 folder . <configuration> <system.web> <authentication mode="forms" > <forms loginurl="login.aspx" name=".aspnetauth" protection="none" path="/" timeout="20" > </forms> </authentication> <!-- section denies access files in...
Read more