How do I hide sensitive data in settings.py through Heroku?


#1

I have a Django app hosted on Heroku and I’m using Heroku’s Postgresql database add-on. The only way I can get the database to connect is if I explicitly hardcore the database information in settings.py. The problem with that Is that this info will be exposed publicly on GitHub and exploited so I’d rather find a way to hide this sensitive data.

The only alternative to this that I can find on Heroku’s website is the django-heroku package.
where it tells me to install the package and enter this in:

import django_heroku     #place on top of script
django_heroku.settings(locals())  #place on the bottom

This is supposed to pull up the DATABASE_URL config var but it didn’t work. I entered that in settings.py and ran the server and this error came up on my command prompt:

Do you know what could be leading to this error? Are there any other alternatives achieving this?

Any help pertaining to this will be much appreciated!


#2

Hey there — this is personally beyond my scope so I’m going to share this on my Twitter to see if anyone has responses. :)


#3

Via Twitter, someone shared a link on using environmental variables: https://twitter.com/CaiusSivjus/status/1050437513851166720


#4

Another response with a link to another package! https://twitter.com/avalonstar/status/1050440242279280640


#5

Another one! https://twitter.com/pmbaumgartner/status/1050509431732137985