@@ -0,0 +1,65 @@
+# Storing Secrets
+
+Secrets represent authentication information that we have to specify to our app,
+so we do not want to check it into source control. These are stored as files
+in `{project_root}/karmaworld/karmaworld/secrets`.
+
+
+## drive.py
+
+This file points at a json file and a p12 file. These two files are described in
+subsections below.
+
+The `GOOGLE_USER` variable should be set to the email address of the user whose
+Google Drive is to be accessed. The Google Drive Service account (defined by
+the json file and p12 file) will need permission. See the README for more
+information on that subject.
+
+### client_secrets.json
+
+`client_secrets.json` contains metadata about the Google Drive service account.
+This file is provided by Google. See here for more information:
+https://developers.google.com/console/help/new/#serviceaccounts
+
+### drive.p12
+
+`drive.p12` (downloaded from Google as `crazypantslonghexvalue-privatekey.p12`)
+contains a private key which replaces a password. This file is very sensitive.
+Ensure it is read-only by the proper user(s) through file system controls.
+
+## db_settings.py
+
+`db_settings.py` sets up variables in `settings/prod.py` for connecting to the
+a database.
+
+* `PROD_DB_NAME` should be set to the database name
+* `PROD_DB_USERNAME` should be set to the role/user which accesses the database
+* `PROD_DB_PASSWORD` should be the password of the above role/user
+
+## filepicker.py
+
+`filepicker.py` contains the Filepicker API key which identifies the server
+to the Filepicker service.
+
+## static_s3.py
+
+`static_s3.py` sets up variables in `settings/prod.py` for AWS S3 static file
+storage.
+
+* `DEFAULT_FILE_STORAGE` refers to the Django storage backend to use. Generally
+ it should be 'storages.backends.s3boto.S3BotoStorage'
+* `AWS_ACCESS_KEY_ID` is an alphanumeric identifier given by AWS.
+* `AWS_SECRET_ACCESS_KEY` is an ASCII passkey given by AWS.
+* `AWS_STORAGE_BUCKET_NAME` is some bucket.
+* `S3_URL` is the URL to the s3 bucket (`http://BUCKET.s3.amazonaws.com/`)
+* `STATIC_URL` should be the same as the `S3_URL`
+
+## twitter.py
+
+`twitter.py` is used by celery note tasks to send Twitter messages with note
+updates.
+
+* `CONSUMER_KEY` is provided by Twitter
+* `CONSUMER_SECRET` is provided by Twitter
+* `ACCESS_TOKEN_KEY` is provided by Twitter
+* `ACCESS_TOKEN_SECRET` is provided by Twitter
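
Review bot: the file-permission guidance under `### drive.p12` ("Ensure it is read-only by the proper user(s) through file system controls") applies just as much to `db_settings.py`, `static_s3.py`, `filepicker.py` and `twitter.py`, which hold `PROD_DB_PASSWORD`, `AWS_SECRET_ACCESS_KEY`, the Filepicker API key and the Twitter secrets. It would be better stated once in the introduction for the whole `secrets` directory, with a concrete owner and mode instead of "the proper user(s)". Because that directory sits inside the project tree, the introduction should also say how it is kept out of source control (an ignore rule, for instance), since the text only states the intent. Two smaller points: the `S3_URL` example uses `http://` and `STATIC_URL` is told to match it, so static files would be referenced over plaintext unless the example becomes `https://`; and "connecting to the a database" under `## db_settings.py` has a stray article.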