In the Pyramid web framework, how do I source sensitive settings into development.ini / production.ini from an external file?

前端 未结 3 949
不思量自难忘°
不思量自难忘° 2021-02-05 13:50

I\'d like to keep development.ini and production.ini under version control, but for security reason would not want the sqlalchemy.url conn

3条回答
  •  不思量自难忘°
    2021-02-05 14:07

    I looked into this a lot and played with a lot of different approaches. However, Pyramid is so flexible, and the .ini config parser is so minimal in what it does for you, that there doesn't seem to be a de facto answer.

    In my scenario, I tried having a production.example.ini in version control at first that got copied on the production server with the details filled in, but this got hairy, as updates to the example didn't get translated to the copy, and so the copy had to be re-created any time a change was made. Also, I started using Heroku, so files not in version control never made it into the deployment.

    Then, there's the encrypted config approach. Which, I don't like the paradigm. Imagine a sysadmin being responsible for maintaining the production environment, but he or she is unable to change the location of a database or environment-specific setting without running it back through version control. It's really nice to have the separation between environment and code as much as possible so those changes can be made on the fly without version control revisions.

    My ultimate solution was to have some values that looked like this:

    [app:main]
    
    sqlalchemy.url = ${SQLALCHEMY_URL}
    

    Then, on the production server, I would set the environment variable SQLALCHEMY_URL to point to the database. This even allowed me to use the same configuration file for staging and production, which is nice.

    In my Pyramid init, I just expanded the environment variable value using os.path.expandvars:

    sqlalchemy_url = os.path.expandvars(settings.get('sqlalchemy.url'))
    engine = create_engine(sqlalchemy_url)
    

    And, if you want to get fancy with it and automatically replace all the environment variables in your settings dictionary, I made this little helper method for my projects:

    def expandvars_dict(settings):
        """Expands all environment variables in a settings dictionary."""
        return dict((key, os.path.expandvars(value)) for
                    key, value in settings.iteritems())
    

    Use it like this in your main app entry point:

    settings = expandvars_dict(settings)
    

提交回复
热议问题