Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

docs: Update documentation for secrets related settings. 

This is a follow-up to #22699 to document the new `get_mandatory_secret`
helper.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
This commit is contained in:
Zixuan James Li 2022-08-25 15:26:41 -04:00 committed by Tim Abbott
parent c6130ce4b1
commit ae33873902
2 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/contributing/code-style.md
View File

@ -62,8 +62,8 @@ The Vagrant setup process runs this for you.
## Secrets
Please don't put any passwords, secret access keys, etc. inline in the
code. Instead, use the `get_secret` function in `zproject/config.py`
to read secrets from `/etc/zulip/secrets.conf`.
code. Instead, use the `get_secret` function or the `get_mandatory_secret`
function in `zproject/config.py` to read secrets from `/etc/zulip/secrets.conf`.
## Dangerous constructs

12
docs/subsystems/settings.md
View File

@ -71,9 +71,12 @@ In a production environment, we have:
using the [standard Python
`RawConfigParser`](https://docs.python.org/3/library/configparser.html#configparser.RawConfigParser),
and accessed in `zproject/computed_settings.py` by the `get_secret`
function. All secrets/API keys/etc. used by the Zulip Django
application should be stored here, and read using the `get_secret`
function in `zproject/config.py`.
or `get_mandatory_secret` function defined in `zproject/config.py`.
All secrets/API keys/etc. used by the Zulip Django application should
be stored here. The secrets mandatory to start the Zulip Django app
are read using `get_mandatory_secret` and the others are read with
`get_secret`. If any of the mandatory secrets is missing, a
`ZulipSettingsError` is raised.
- `zproject/settings.py` is the main Django settings file for Zulip.
It imports everything from `zproject/configured_settings.py` and
@ -121,7 +124,8 @@ in two or three places:
for production environments.
- If the settings has a secret key,
you'll add a `get_secret` call in `zproject/computed_settings.py` (and the
you'll add a `get_secret` or `get_mandatory_secret` call in
`zproject/computed_settings.py` (and the
user will add the value when they configure the feature).
- In an appropriate section of `zproject/prod_settings_template.py`,