Use docker secrets in Django application
Recently I needed to deploy a Django application to Docker Swarm and I wanted to used built-in feature to store secrets. Setting the secrets is pretty easy just following the docker documentation:
openssl rand -base64 40 | docker secret create django_secret -
The secrets have to be declared in
docker-compose.yml to be available in the container.
version: "3.8" services: django: command: gunicorn wsgi:application --bind 0.0.0.0:8100 environment: SECRET_KEY: /run/secrets/django_secret secrets: - django_secret secrets: django_secret: external: true
The value of the secret is available in the container as a content of the file
settings.py file needs to be updated with a simple function to read the value of the secret either from environment variable or the file.
import os def get_secret(key, default): value = os.getenv(key, default) if os.path.isfile(value): with open(value) as f: return f.read() return value SECRET_KEY = get_secret("SECRET_KEY", "")
Using this approach the secrets can be declared either as an environment variable or a docker secret which is very convenient both for development and production deployments.