studio/people
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🔒️(helmfile) generate Django secret key

Browse Source 
Generate a proper Django secret key ready for production,
using the provided get_random_secret_key() function.

Store its value in a k8s secret. I generated two values one for
dev and one for staging.

Previous values were triggering security logs.
This commit is contained in:
Lebaud Antoine
2024-03-26 23:39:32 +01:00
committed by aleb_the_flash
parent 0fe0175622
commit cbfc67f010
4 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/helm/env.d/dev/secrets.enc.yaml
View File

@@ -1,3 +1,4 @@
djangoSecretKey: ENC[AES256_GCM,data:XKgM2zd1+/bxvdUzBp3zK0XUPDPjDwsfDa6WPVUULqxZ0RcuPsKRMjBgFvE9hLd4AvY=,iv:0Uk4QXWiAW6HW/7kmx2hbwU3sEdjIsTxm3T5U0wlbws=,tag:9I+fEYxkLClZ39x1eNP7sQ==,type:str]
oidc:
clientId: ENC[AES256_GCM,data:KlkyIG8tNj6Nj3G4nIN+QGt9FPtMIkoitC8jxx5n4hHq71mF,iv:AKrdqPnBFLNxtRB1cphRKtH9ccwx7V4ApspjIQxtWmY=,tag:8Upvn77PKsJ0ktQh/orXqQ==,type:str]
clientSecret: ENC[AES256_GCM,data:O6RwyuiaXGO3afc4sRQz5nHW62Dkx2/I4jVqGgkms/fsDHpCMs0I3iTfGPUgI4uER60Yml16yc6n/7LWbqoy+A==,iv:1wJhrsNOZcgduy4N5WNuUPNX2R5fwyMJTpjV8IPm7Hc=,tag:Q42WTMFIPSdEtllHyLZwbQ==,type:str]
@@ -61,8 +62,8 @@ sops:
eEh1MmhQRFNyNE1NSDdwWk5BRCtDMFUKZByCL2Wj0X+lwUo06PHwOiaJhzqOMVVt
Rj/pvynxLV4d0RBzwpgdL9uV8VzTED4GW9wotODbhEUtdlpSS1YOGg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-18T22:26:38Z"
mac: ENC[AES256_GCM,data:6xfKunxhxiA2c0jQQwo0oMSD3ecBPmDEGB5Dv9NEGrVLRGbUXd96RPfodYJkFtKJpWHDBrKO4eSkaylAGtzxq29TIwSveTm4xdlz4JBe/a1OxjKwY8XzuDY/gjTNhYODp/Zot6Vg/ESkkjGSyWwPjjdfIJmtd5Bk4eb00UyMoxE=,iv:wQ2lF+RIagQjAAwDCFQF90He3m0xNWnC4CRNf0ndhRY=,tag:aWJj05jPkwbwwF/zaj/wyA==,type:str]
lastmodified: "2024-03-26T22:31:10Z"
mac: ENC[AES256_GCM,data:OujhtajsuAQrC5KNFPxqjMlHAS9tpjvvsu8LRZf8XKrMui3ZBAHO2TdF7z/sAEB9OPlPJZGZU4jMDNXZkIi1zv3mUDNJXPs0oitgIEXSYCDHcZQea093hSMd4tX1yLQM3M5GH1aFZDXfIpKT7UvLjiVv+8aXp7BLQNNilbFKV1g=,iv:1OD4SuMUSD3fcuO4QiZpjij49JHwKqDJvXOT0wyJ0zs=,tag:VW4KiInBhIpbaaAS18eNUQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

2
src/helm/env.d/dev/values.desk.yaml.gotmpl
View File

@@ -8,7 +8,7 @@ backend:
DJANGO_CSRF_TRUSTED_ORIGINS: https://desk.127.0.0.1.nip.io,http://desk.127.0.0.1.nip.io
DJANGO_CONFIGURATION: Production
DJANGO_ALLOWED_HOSTS: "*"
DJANGO_SECRET_KEY: "ThisIsAnExampleKeyForDevPurposeOnly"
DJANGO_SECRET_KEY: {{ .Values.djangoSecretKey }}
DJANGO_SETTINGS_MODULE: people.settings
DJANGO_SUPERUSER_PASSWORD: admin
DJANGO_EMAIL_HOST: "mailcatcher"

5
src/helm/env.d/staging/secrets.enc.yaml
View File

@@ -1,3 +1,4 @@
djangoSecretKey: ENC[AES256_GCM,data:trxlec0na+q/9kh7kkZpuyp1Zjx9uXyL3fS+UEsGsN612X5tVLtAUuSx8aGYr/f6uYs=,iv:+gjpSUBq9TEmeLYC18vT2HOi869W9xgzxC5QchI1iUg=,tag:zvKVaqwY43bRWOhhr3dFcg==,type:str]
oidc:
clientId: ENC[AES256_GCM,data:3A6nchWO8pVLIlWLRL3TBXCuwoo4dyrvtrfqrBqStLJRUl2A,iv:WZwTDGphAJ2KRN6cpj4HpZM5AsLywsjdI9m9tuhjigg=,tag:7GDMJhF0jrZghPENdQF9xw==,type:str]
clientSecret: ENC[AES256_GCM,data:X2pWXOrxlt+Sbf6Wq7g4Rz65AOXsAB/U35sJDFXHfZpT556xKekDmW/isD1R3kP8OTtigVi0gSrOvMePC9tgmg==,iv:sTD3nXIx2Z52pzO8A8VNpcQJ9Or9KMAxTG5/fYL0oTI=,tag:CCKemFbgJNDCY2bwNpqJiA==,type:str]
@@ -61,8 +62,8 @@ sops:
bnBRVTJYUzYzNEM1eU8vQzlqdk9lY3MKM9g8opHNjlm2cAkVzc9LXt2TM+Jmq8Of
DbVFbegKV8lgnLKdmWVeKDtLFHiZj4dQclvwxbNuIk2QvEj9Wam7uQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-15T15:23:34Z"
mac: ENC[AES256_GCM,data:crwjT3cmrVCWR/CgGt0rb39WtfzY8/PYIue0sWSCS6VmGjR3fNxYfTuqEojk3ROIv2r3R9mAdLioAKQfbKyvdvi3p0v+FGsze3rBnEY76nl53eykubHi8GPCBJCu0yiDT1/pfkdW19LUIxDF0jtiKXlAUo44IJp/okehiEsXC/A=,iv:9Uqv6iy7iW7K42fMZVObcOIaVl1jaDa1PF06UR9Kx+o=,tag:5rKP2k8Gfwl1ImO7Kpc4kg==,type:str]
lastmodified: "2024-03-26T22:31:45Z"
mac: ENC[AES256_GCM,data:jC6rd1YvDrDZxY4gfPGYY6rwygTgeL0w95a81aGAElthOl+r9eaNsqDvkOYaEuoZctdIP4MmaGfC8ZjBGrK+WbTacxHNmv9OaB43STrEqBmZWVDRUJZEgYhdQGMOW0jpDc08WaV67J1ViEuH4bcaUCwHrT//HQUf3e+25ZsO4R8=,iv:tf6xbLvxzURT0FcV0ZZYaT0b6v6GnIO854NLZZvCS8Q=,tag:5lz71fju3WHwQKTyW+lkAw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

2
src/helm/env.d/staging/values.desk.yaml.gotmpl
View File

@@ -11,7 +11,7 @@ backend:
DJANGO_CSRF_TRUSTED_ORIGINS: http://desk-staging.beta.numerique.gouv.fr,https://desk-staging.beta.numerique.gouv.fr
DJANGO_CONFIGURATION: Production
DJANGO_ALLOWED_HOSTS: "*"
DJANGO_SECRET_KEY: "ThisIsAnExampleKeyForDevPurposeOnly"
DJANGO_SECRET_KEY: {{ .Values.djangoSecretKey }}
DJANGO_SETTINGS_MODULE: people.settings
DJANGO_SUPERUSER_PASSWORD: admin
DJANGO_EMAIL_HOST: "snap-mail.numerique.gouv.fr"