3

I have SECRET_KEY = os.environ['SECRET_KEY'] in my prod.py, and SECRET_KEY=secret_string in my .bashrc

This will cause 502 error but if I set SECRET_KEY="secret_string", it is working. How can I use environment variable to do this?

I'm starting gunicorn via sudo service gunicorn restart and I have a upstart script.

Here is the output of cat /proc/<PID>/environ:

PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin^@TERM=linux^@UPSTART_JOB=gunicorn^@UPSTART_INSTANCE=^@
Andrea Corbellini
  • 17,339
  • 3
  • 53
  • 69
sac7e
  • 91
  • 1
  • 10

2 Answers2

6

You need to do:

export SECRET_KEY=secret_string

in your .bashrc. If you just do:

SECRET_KEY=secret_string

It's only available in current process, but when you run django server/shell, the subprocess has no idea of this variable. export make the variable available in subprocesses as well.

Shang Wang
  • 24,909
  • 20
  • 73
  • 94
  • 1
    I added `export` and then `source` the `.bashrc`, but it is still not working when I restart gunicorn. – sac7e Feb 05 '16 at 22:40
  • 1
    @sac7e: `.bashrc` only affects bash login shells. Are you starting gunicorn from your shell? – Andrea Corbellini Feb 05 '16 at 22:50
  • Also, did you have `DJANGO_SETTINGS_MODULE` environment variable defined? https://docs.djangoproject.com/en/1.9/topics/settings/#envvar-DJANGO_SETTINGS_MODULE – Shang Wang Feb 06 '16 at 05:04
  • @sac7e: but *how* are you (re)starting gunicorn exactly? If you're using something like systemd, the environment variable won't be passed around. Check `/proc//environ` and add it to your question – Andrea Corbellini Feb 06 '16 at 10:39
  • @ShangWang: I think it is defined in the wsgi.py, `os.environ.setdefault("DJANGO_SETTINGS_MODULE", "config.settings.prod")` – sac7e Feb 06 '16 at 13:23
  • @AndreaCorbellini: I use command `sudo service gunicorn restart` and I have a upstart script. I checked the process environment, there is no `DJANGO_SETTINGS_MODULE` and also `SECRET_KEY`. I added the output of context of /proc/pid/environ – sac7e Feb 06 '16 at 13:29
  • I'm not sure. Worst case you do `source ~/.bashrc` in your upstart script. That would work. – Shang Wang Feb 06 '16 at 15:43
4

.bashrc only affects bash login shells. Init scripts are not affected in any way by it.

You should copy the export SECRET_KEY=... line to the top of your init script.

Andrea Corbellini
  • 17,339
  • 3
  • 53
  • 69
  • Is adding `export SECRET_KEY=...` the only way to handle this problem? If I use `django-environ`, how can I `export` the environment variables in `.env` to the init scripts. Another question, as there is no "DJANGO_SETTINGS_MODULE" in the `/proc//environ`, how gunicorn process knows the locations of setting files? The only explanation I think is `os.environ.setdefault("DJANGO_SETTINGS_MODULE", "config.settings.prod")` in wsgi.py. What do you think? – sac7e Feb 06 '16 at 13:53
  • Yes, `setdefault()` is the explanation. Using `export SECRET_KEY` is not the only way (and I wouldn't recommend it: [environment variables should not contain secrets](http://movingfast.io/articles/environment-variables-considered-harmful/), as they may leak). I usually store my secret key and my database credentials in a `localsettings.py` file. This file is unversioned (ignored by git) and is imported by my main `DJANGO_SETTINGS_MODULE` – Andrea Corbellini Feb 06 '16 at 14:06
  • I still prefer environment variables and I find another way: just like `os.environ.setdefault("DJANGO_SETTINGS_MODULE", "config.settings.prod")` in wsgi.py, I define .env in my repo and parse it in setting files. Anyway, thank you very much. – sac7e Feb 06 '16 at 14:36