Add blackbox-encrypted secrets.py, keyrings

See https://github.com/StackExchange/blackbox for blackbox usage.
Keys added: jvperrin, jameszhu, hutch, michaelmlu

.gitattributes

@@ -0,0 +1,2 @@
+**/blackbox-admins.txt text eol=lf
+**/blackbox-files.txt text eol=lf

.gitignore

@@ -46,3 +46,8 @@ target/
 # Emacs stuff
 \#*\#
 *~
+/keyrings/live/pubring.gpg~
+/keyrings/live/pubring.kbx~
+/keyrings/live/secring.gpg
+/bbtest.txt
+/hknweb/settings/secrets.py

Makefile

@@ -5,11 +5,11 @@ PIP_HOME = $(shell python3 -c "import site; import os; print(os.path.join(site.U
 
 .PHONY: dev
 dev:
-	pipenv run python ./manage.py runserver $(DEV_LISTEN_IP):$(DEV_PORT)
+	HKNWEB_MODE='dev' pipenv run python ./manage.py runserver $(DEV_LISTEN_IP):$(DEV_PORT)
 
 .PHONY: dev-vagrant
 dev-vagrant:
-	pipenv run python ./manage.py runserver [::]:$(DEV_PORT)
+	HKNWEB_MODE='dev' pipenv run python ./manage.py runserver [::]:$(DEV_PORT)
 
 .PHONY: livereload
 livereload:
@@ -29,7 +29,7 @@ venv: Pipfile Pipfile.lock
 
 .PHONY: migrate
 migrate:
-	pipenv run python ./manage.py migrate
+	pipenv run python ./manage.py migrate --settings=hknweb.settings.dev
 
 .PHONY: test
 test: venv

hknweb/settings/__init__.py

@@ -0,0 +1,15 @@
+import os
+import sys
+
+try:
+    HKNWEB_MODE = os.environ['HKNWEB_MODE'].lower()
+    if HKNWEB_MODE == 'dev':
+        from .dev import *
+    elif HKNWEB_MODE == 'prod':
+        from .prod import *
+    else:
+        print("HKNWEB_MODE is not a valid value")
+        sys.exit()
+except KeyError:
+    print("SETTINGS says: HKNWEB_MODE not supplied, so no data will be loaded into settings. You can still load of the subpackages manually.")
+

hknweb/settings.py → hknweb/settings/common.py

@@ -12,21 +12,11 @@
 import os
 
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
-BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+BASE_DIR = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
 
 
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/2.0/howto/deployment/checklist/
-
-# SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = 'v9lj^szduvr@a*31&r(l5ub+5q%ebszts70vlpzaiekt23s)gb'
-
-# SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
-
-ALLOWED_HOSTS = []
-
-
 # Application definition
 
 INSTALLED_APPS = [

hknweb/settings/dev.py

@@ -0,0 +1,15 @@
+from .common import *
+
+#In dev mode, attempt to use real secrets, but if unavailiable, fall back to dummy secrets
+try:
+    from .secrets import *
+except ImportError:
+    from .dummy_secrets import *
+
+# SECURITY WARNING: don't run with debug turned on in production!
+DEBUG = True
+
+ALLOWED_HOSTS = ['localhost','127.0.0.1','hkn.eecs.berkely.edu','hkn.mu']
+
+
+

hknweb/settings/dummy_secrets.py

@@ -0,0 +1,4 @@
+# SECURITY WARNING: keep the secret key used in production secret!
+SECRET_KEY = 'v9lj^szduvr@a*31&r(l5ub+5q%ebszts70vlpzaiekt23s)gb'
+
+

hknweb/settings/prod.py

@@ -0,0 +1,17 @@
+from .common import *
+
+
+#In prod mode, rigidly enforce using real secrets and fail if unavailiable
+from .secrets import *
+
+
+# SECURITY WARNING: keep the secret key used in production secret!
+SECRET_KEY = 'v9lj^szduvr@a*31&r(l5ub+5q%ebszts70vlpzaiekt23s)gb'
+
+# SECURITY WARNING: don't run with debug turned on in production!
+DEBUG = False
+
+ALLOWED_HOSTS = ['hkn.eecs.berkeley.edu','hkn.mu']
+
+
+

keyrings/live/blackbox-admins.txt

@@ -0,0 +1,4 @@
+1F3CAA5F32F6483D
+[email protected]
+[email protected]
+[email protected]

keyrings/live/blackbox-files.txt

@@ -0,0 +1,2 @@
+bbtest.txt
+hknweb/settings/secrets.py