Django: Don't keep your database configuration & password in your settings.py!


10th June 2011

It's not unusual to have your settings.py under version control. Furthermore, if you split your development, staging and production settings configurations up, it makes sense to keep these nicely organised and check them in after changes. What I hadn't thought about was that your settings.py includes plaintext database configuration details, including hostname, username and password. While this isn't the end of the world (and there are generally more pressing security issues), it doesn't hurt to take them out of version control.

To do this, simply create a databases.py file alongside your settings.py, add it to your .hgignore (or similar) and import it:

# databases.py (untracked: listed in .hgignore)
# Django expects DATABASES to be a dict of connection aliases,
# with at least 'default', so the settings are nested under that key.
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': 'dbname',
        'USER': 'dbusername',
        'PASSWORD': 'dbpassword',
        'HOST': 'localhost',
        'PORT': '',
    }
}

# settings.py (under version control)
from databases import DATABASES

....
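As an added example (not code from the original post), the snippet below shows how the import above can be made a little more robust: it loads DATABASES from the untracked databases.py when that file exists, falls back to environment variables when it does not (for example on a CI or staging box where the file is deliberately absent), validates that the result has the shape Django expects, and checks that the secrets file is actually listed in the .hgignore or .gitignore so it cannot be committed by accident. The environment variable names (DJANGO_DB_*), the module name passed in, and the sample values are this example's own assumptions.

```python
"""Load Django DATABASES from an untracked module, with an environment
variable fallback, and check that the secrets module is ignored by the VCS.
Added example; the DJANGO_DB_* variable names are an assumption, not Django's."""
import importlib
import os
from pathlib import Path

# Keys a Django database alias normally carries.
REQUIRED_KEYS = ("ENGINE", "NAME", "USER", "PASSWORD", "HOST", "PORT")


def databases_from_env(prefix="DJANGO_DB_", environ=None):
    """Build a DATABASES dict from variables such as DJANGO_DB_NAME and
    DJANGO_DB_PASSWORD. Raises KeyError if any required variable is unset,
    so a misconfigured deployment fails loudly instead of connecting as nobody."""
    env = os.environ if environ is None else environ
    cfg = {}
    for key in REQUIRED_KEYS:
        value = env.get(prefix + key)
        if value is None:
            raise KeyError("missing environment variable %s%s" % (prefix, key))
        cfg[key] = value
    return {"default": cfg}


def validate_databases(databases):
    """Raise ValueError unless DATABASES is a dict of aliases (at least
    'default'), each of which is a dict carrying every required key."""
    if "default" not in databases:
        raise ValueError("DATABASES must contain a 'default' alias")
    for alias, cfg in databases.items():
        missing = [k for k in REQUIRED_KEYS if k not in cfg]
        if missing:
            raise ValueError("alias %r is missing %s" % (alias, ", ".join(missing)))
    return databases


def load_databases(module_name="databases", environ=None):
    """Prefer the untracked module (databases.py next to settings.py);
    fall back to environment variables when it is absent."""
    try:
        databases = importlib.import_module(module_name).DATABASES
    except ImportError:
        databases = databases_from_env(environ=environ)
    return validate_databases(databases)


def is_ignored_text(ignore_text, filename):
    """True if the contents of a .hgignore/.gitignore list filename.
    A plain line-by-line check that tolerates '^databases\\.py$' style
    regexp entries and 'dir/databases.py' paths; not a full pattern matcher."""
    for line in ignore_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        entry = line.replace("\\", "").lstrip("^").rstrip("$")
        if entry.split("/")[-1] == filename:
            return True
    return False


def is_ignored(ignore_file, filename):
    """File-based wrapper around is_ignored_text; a missing ignore file
    counts as 'not ignored', which is the unsafe case worth flagging."""
    path = Path(ignore_file)
    if not path.exists():
        return False
    return is_ignored_text(path.read_text(), filename)


if __name__ == "__main__":
    # Constructed sample environment; no real credentials.
    sample_env = {"DJANGO_DB_" + k: v for k, v in {
        "ENGINE": "django.db.backends.postgresql_psycopg2",
        "NAME": "dbname", "USER": "dbusername", "PASSWORD": "dbpassword",
        "HOST": "localhost", "PORT": "5432"}.items()}
    print(load_databases(module_name="databases_module_not_present", environ=sample_env))
    print("databases.py ignored:", is_ignored(".hgignore", "databases.py"))
```

In settings.py this would replace the bare import with `DATABASES = load_databases()`; the ignore check is the kind of thing to run from a pre-commit hook or a deployment sanity script rather than at settings import time.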
