Can't get secrets (at first) as env variables with Django

heroed · July 22, 2022, 3:41pm

Hi,

Just tried fly.io for the first time yesterday sorry in advance.

Locally I’m using django-environ, it reads from my .env and populate os.environ but since it has some api keys I’m putting it inside a .dockerignore and it’s thus not available when running fly deploy.

To securely access them I thus run flyctl secrets import < .env, the problem is that when the commands from the Dockerfile are executed when it finally executes python manage.py collectstatic an ImproprelyConfigured error happens when trying to access the first env variable although this one is listed with flyctl secrets list. Printing os.environ will not print the standard fly env variables like FLY_APP_NAME either.

I thus removed the .env from .dockerignore, everything went logically fine and printing os.environ later on gives me the fly secrets variables like FLY_APP_NAME alongside with the ones manually set with fly secrets set.

So my question is : Why can’t I access Fly’s secrets early on when running python manage.py collectstatic for the first time and what’s the solution ?

I tried setting --build-args and build-secrets flags with fly deploy but it didn’t work.

Thanks in advance.

Edit : That only happens when using buildpacks with a Dockerfile generated by Fly, when using my own Dockerfile almost similar to the later Secrets are directly available and everything works fine

catflydotio · July 22, 2022, 5:57pm

Hi @heroed,

One step that may not be obvious is that you need to include a command in your Dockerfile to mount the secret. @fideloper-fly explains more here: Fly Secrets not populated during build - #16 by dreday

A relevant Docker doc:

Let us know if that doesn’t help!

heroed · July 23, 2022, 5:27pm

I tried deploying via Docker and not via the auto Django detection, my Dockerfile is almost identical to the one automatically generated by fly and it worked without mounting the secrets, any reasons ?

I prefer using my own DockerFile anyway but will read the linked topic. Thanks.

mtboxer · November 1, 2022, 3:57pm

Hey @heroed can you share your dockerfile ? I am having a similar issue and looking at yours might help

heroed · November 24, 2022, 11:02am

Sorry for the late response, here is a stripped down Dockerfile with the bare minimum :

FROM library/python:3.10.5-slim-bullseye

RUN apt-get update \
    # dependencies for building Python packages
    && apt-get install -y build-essential \
    # psycopg2 dependencies
    && apt-get install -y libpq-dev \
    && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
    && rm -rf /var/lib/apt/lists/*

    

WORKDIR /usr/src/app


COPY ./requirements.txt ./requirements.txt 

RUN pip install --no-cache-dir -r requirements.txt \
    && rm -rf requirements.txt

COPY . . 

CMD ./runserver.sh

with runserver.sh being :

#!/bin/bash

python manage.py collectstatic --noinput

python manage.py makemigrations
python manage.py migrate

gunicorn YourApp.asgi:application -k uvicorn.workers.UvicornWorker

Topic		Replies	Views
flyctl launch for new django app has no follow-up link Django django	6	466	August 11, 2022
Fly Secrets and Python Decouple Build debugging django	6	1494	April 11, 2023
Handling env vars in a clean way in Django? Django django	5	1730	June 11, 2022
Read fly secrets during Docker build Questions / Help	7	893	January 3, 2024
FlyCTL Deploy Cant Find Environment Variables Questions / Help	1	354	January 13, 2023

Can't get secrets (at first) as env variables with Django

Related Topics