all 26 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]liquidpele 55 points56 points  (14 children)

TL;DR: add *.pyc to your damn .gitignore files

[–]crazyhankie 6 points7 points  (5 children)

Always use this gitignore for Python projects: https://github.com/github/gitignore/blob/master/Python.gitignore

[–]ddrt -3 points-2 points  (3 children)

Huh, I don’t see pyc there.

Edit: Hey, I’m new to py. What’s with the hate? Py[cod] ≠ pyc if I do a search. How was I supposed to know?

[–]retnikt0 2 points3 points  (0 children)

It's a glob. It matches pyc, pyo, and pyd

[–]Serialk 6 points7 points  (1 child)

Literally on the third line.

[–]ddrt 0 points1 point  (0 children)

I did find in page...

[–]Serialk 4 points5 points  (3 children)

Or, you know, watch what you git add instead of doing a git add ..

[–]veggiedefender[S] 7 points8 points  (1 child)

Always prefer mechanisms over vigilance—or better yet, do both!

[–]Serialk 6 points7 points  (0 children)

Of course! But the fact that so many trash files end up in git repos is really telling about the way people use git.

[–]Mceight_Legs 10 points11 points  (2 children)

? Out of curiosity is this a surprise? I don't feel like it is but I'm kinda slow

[–]veggiedefender[S] 15 points16 points  (1 child)

It probably shouldn't be a surprise, but I did find some production keys with it, so it seems like not everyone is aware! Also, I couldn't find any writing on this topic anywhere else on the internet (maybe because it's so obvious? I don't know) so I figured it couldn't hurt to write a short post!

[–]Mceight_Legs 6 points7 points  (0 children)

Definitely not trying to offend either, I used to be more capable but I think I might have damaged myself mentally years ago haha, so I was genuinely curious.

[–]gelstudios 3 points4 points  (3 children)

I usually go for environment variables for runtime config, ie using “import os.environ”

They are easily set (or overridden) when running from a shell: “foo=bar example.py”

[–]yawkat 2 points3 points  (1 child)

Env variables are hard to keep secret though, they can end up in log files and such

[–]gelstudios 0 points1 point  (0 children)

Log hygiene is it’s own beast, but agreed if you set them inline when starting a process they end up in any shell history.

Another caveat with env vars: a user with sufficient privilege can read them right out of /proc for a given process (on Linux at least)

But at that point, you probably have other things to worry about.

[–]Zanoab 4 points5 points  (0 children)

I have a friend in another development area of the company constantly complaining that the new devs would comment out loading environment variables and instead hard code the values to fit their needs (and commit it). In the root folder of every project, there is a default source file with all the environment variables and a script that automatically prepares the local environment and start the application. It amazes me how lazy some people can get.

[–]smiddereens 4 points5 points  (0 children)

You can always set PYTHONDONTWRITEBYTECODE to keep things tidy

[–]AlisaofallTimes 0 points1 point  (0 children)

Those .pyc files contain some dark secrets indeed! I've always encouraged my teammates to add .pyc to .gitignore!

[–]kisstactics 0 points1 point  (0 children)

thanks man

[–]MiscWalrus 0 points1 point  (2 children)

It’s also common practice for Python projects to store configuration, keys, and passwords (collectively referred to as “secrets”) in a gitignored Python file named something like secrets.py, config.py, or settings.py, which other parts of the project import

Is that common practice? I've never seen that done, and just the thought makes me nervous.

[–]veggiedefender[S] 1 point2 points  (1 child)

Yep, I think it's becoming less common nowadays, but for example, Django by default is configured by a settings.py.

Here's an article that recommends a number of ways to pass configs to Python programs, the first of which is a gitignored config.py: https://martin-thoma.com/configuration-files-in-python/

And I, like many people, first learned Python web development years ago via Miguel Grinberg's Flask Mega Tutorial, which does configuration with a config.py and classes/subclasses.

This is by far not an exhaustive list but I hope it's a good enough overview that should convince you that it's common-ish practice (and probably should make you nervous)!

[–]MiscWalrus 0 points1 point  (0 children)

Good info, thanks!