Avoiding commiting things like API key?


I’m trying to set up the Sendgrid email server, but I’m confused how to put things like the API key in the e.g. settings.py without it showing up publically in github. Can anyone explain?


Hey there — really great question that I didn’t cover, thanks for asking.

Two methods:

  • For WeddingLovely (my business) I paid for private GitHub repo and I just committed my keys. Obviously you know this isn’t the best tactic since I have to trust that the repo will stay private, but it was fastest/easiest and I decided the risk was worth it.
  • Better would be to put your private keys in an environment variable. Here’s a StackOverflow answer that details how: https://stackoverflow.com/questions/14786072/keep-secret-keys-out-with-environment-variables.

I hope that helps!