Read secrets from files to vars

sikweb/settings-sample-prod.py

@@ -19,7 +19,9 @@ DEBUG = False
 ALLOWED_HOSTS = ["sika.sik.party"]
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = os.getenv('SECRET_KEY', '<your secret key>')
+f = open("/run/secrets/DJANGO_SECRET_KEY", "r")
+SECRET_KEY = f.readline()
+f.close()
 
 # ReCaptcha
 # http://www.yaconiello.com/blog/integrating-google-recaptcha-to-django/
@@ -28,7 +30,9 @@ GOOGLE_RECAPTCHA_SECRET_KEY = "YOUR-PRIVATE-KEY"
 
 # Email settings (more settings in base.py)
 EMAIL_HOST_USER = 'sikviestinta@gmail.com'
-EMAIL_HOST_PASSWORD = os.getenv('EMAIL_PASSWD', '<gmail_passu>')
+f = open("/run/secrets/DJANGO_EMAIL_PASSWD", "r")
+EMAIL_HOST_PASSWORD = f.readline()
+f.close()
 DEFAULT_EMAIL_FROM = 'SIK Viestintä <sikviestinta@gmail.com>'
 ENABLE_AUTOMATIC_EMAILS = True
 
@@ -38,12 +42,22 @@ TELEGRAM_BOT_TOKEN = os.getenv('TG_BOT_TOKEN')
 # Database settings
 # Only uncomment if default settings in base.py are not ok
 
+f = open("/run/secrets/DJANGO_DB_NAME", "r")
+DB_NAME = f.readline()
+f.close()
+f = open("/run/secrets/DJANGO_DB_USER", "r")
+DB_USER = f.readline()
+f.close()
+f = open("/run/secrets/DJANGO_DB_PASSWORD", "r")
+DB_PASSWORD = f.readline()
+f.close()
+
 DATABASES = {
     'default': {
         'ENGINE': 'django.db.backends.postgresql_psycopg2',
-        'NAME': os.getenv('DB_NAME', '<none>'),
-        'USER': os.getenv('DB_USER', '<none>'),
-        'PASSWORD': os.getenv('DB_PASSWD', '<none>'),
+        'NAME': DB_NAME,
+        'USER': DB_USER,
+        'PASSWORD': DB_PASSWORD,
         'HOST': os.getenv('DB_HOST', '127.0.0.1'),
         'PORT': os.getenv('DB_PORT', 5432),
     }