From 2b245909591da46bbf2de92342a0820d01e1dda1 Mon Sep 17 00:00:00 2001
From: stupidcomputer <ryan@beepboop.systems>
Date: Fri, 28 Jun 2024 16:42:00 -0500
Subject: [PATCH] remove secret and prevent it from leaking again

---
 .env.prod => .env.prod.orig | 2 +-
 .gitignore                  | 1 +
 Makefile                    | 3 ++-
 3 files changed, 4 insertions(+), 2 deletions(-)
 rename .env.prod => .env.prod.orig (69%)

diff --git a/.env.prod b/.env.prod.orig
similarity index 69%
rename from .env.prod
rename to .env.prod.orig
index 2e1a214..3a45223 100644
--- a/.env.prod
+++ b/.env.prod.orig
@@ -1,2 +1,2 @@
-SECRET_KEY=834701
+SECRET_KEY=change_me
 DJANGO_ALLOWED_HOSTS=localhost 127.0.0.1 [::1]
diff --git a/.gitignore b/.gitignore
index 3801d2c..ce9d185 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@ db.sqlite3
 media
 uploads/
 staticfiles/
+.env.prod
diff --git a/Makefile b/Makefile
index 6ccb378..e5a8010 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,6 @@
 prod: # execute this target on the production server in the nix-shell
 	rm -r franklincce/staticfiles
 	cd franklincce; python3 manage.py collectstatic
-	sed -i "s/change_me/$(shell shuf -i1-1000000 -n1)/g" .env.prod
+	sed "s/change_me/$(shell shuf -i1-1000000 -n1)/g" .env.prod.orig > .env.prod
+	sed "s|change_me|$(shell dd if=/dev/urandom bs=1024 count=1|base64)|g" .env.prod.orig > .env.prod
 	docker-compose -f docker-compose.prod.yml up -d --build