Security¶
Security files¶
A very simple way to make sure that passwords are not pushed in your VCS
is to exclude any file matching myproject/security*
. It would also
be a good idea to reduce the access to such files by removing read
rights for users other than the one running django.
VCS¶
Files that should not be pushed to your VCS are:
env.py
: to allow for multiple environments to run at the same time. If you’re using git, you can addmyproject/env.py
in.gitignore
.- any security file : repeat after me, any security data in your VCS
is a bad idea. If you’re using git you can add
myproject/security*.py
in.gitignore
.