Move several secrets to using the get_secret function in settings.py.

(imported from commit 08fb828265c4a9e35294a51c0901bd5ad3990344)

zproject/dev-secrets.conf

@@ -1,13 +1,14 @@
 [secrets]
 secret_key = dummy
 shared_secret = dummy
-rabbitmq_password = s13kr3t
+rabbitmq_password = xxxxxxxxxxxxxxxx
 deployment_role_key = dummy
 mandrill_api_key = dummy
 mailchimp_api_key = dummy-us4
-camo_key = dummy 
-email_password = dummy 
-s3_key = dummy 
+camo_key = dummy
+email_password = dummy
+s3_key = dummy
 s3_secret_key= dummy
 google_oauth2_client_secret  = dummy
-dev_google_oauth2_client_secret  = dummy 
+dev_google_oauth2_client_secret  = dummy
+avatar_salt = dummy

zproject/local_settings.py

@@ -23,25 +23,10 @@ else:
 
 getsecret = lambda x: secrets_file.get('secrets', x)
 
-# Make this unique, and don't share it with anybody.
-SECRET_KEY = getsecret("secret_key") if DEPLOYED else "foobar"
-
-# Use this salt to hash a user's email into a filename for their user-uploaded
-# avatar.  If this salt is discovered, attackers will only be able to determine
-# that the owner of an email account has uploaded an avatar to Zulip, which isn't
-# the end of the world.  Don't use the salt where there is more security exposure.
-AVATAR_SALT = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
-
 # Used just for generating initial passwords (only used in testing environments).
 if not DEPLOYED:
     INITIAL_PASSWORD_SALT = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
 
-# A shared secret, used to authenticate different parts of the app to each other.
-# FIXME: store this password more securely
-SHARED_SECRET = getsecret("shared_secret") if DEPLOYED else "dummy"
-
-RABBITMQ_PASSWORD = getsecret("rabbitmq_password") if DEPLOYED else 'xxxxxxxxxxxxxxxx'
-
 MAILCHIMP_API_KEY = getsecret("mailchimp_api_key")
 ZULIP_FRIENDS_LIST_ID = '84b2f3da6b'
 
@@ -52,8 +37,6 @@ DEPLOYMENT_ROLE_KEY = getsecret("deployment_role_key")
 # This comes from our mandrill accounts page
 MANDRILL_API_KEY = getsecret("mandrill_api_key")
 
-# This should be synced with our camo installation
-CAMO_KEY = getsecret("camo_key") if DEPLOYED else "dummy"
 # XXX: replace me
 CAMO_URI = 'https://external-content.zulipcdn.net/'
 

zproject/local_settings_template.py

@@ -189,14 +189,3 @@ AUTH_LDAP_USER_ATTR_MAP = {
 # Populate the Django user's name from the LDAP directory.
     "full_name": "cn",
 }
-
-# The following secrets are randomly generated during the install
-# process, are used for security purposes, and should not be shared
-# with anyone.
-#
-# PLEASE DO NOT CHANGE THEM WITHOUT INSTRUCTIONS FROM ZULIP SUPPORT
-CAMO_KEY = ''
-SECRET_KEY = ''
-RABBITMQ_PASSWORD = ''
-AVATAR_SALT = ''
-SHARED_SECRET = ''

zproject/settings.py

@@ -27,6 +27,27 @@ ENTERPRISE = DEPLOYED and config_file.get('machine', 'deploy_type') == 'enterpri
 # Import local_settings after determining the deployment/machine type
 from local_settings import *
 
+secrets_file = ConfigParser.RawConfigParser()
+if DEPLOYED:
+    secrets_file.read("/etc/zulip/zulip-secrets.conf")
+else:
+    secrets_file.read("zproject/dev-secrets.conf")
+
+get_secret = lambda x: secrets_file.get('secrets', x)
+
+# Make this unique, and don't share it with anybody.
+SECRET_KEY = get_secret("secret_key")
+
+# A shared secret, used to authenticate different parts of the app to each other.
+# FIXME: store this password more securely
+SHARED_SECRET = get_secret("shared_secret")
+
+# We use this salt to hash a user's email into a filename for their user-uploaded
+# avatar.  If this salt is discovered, attackers will only be able to determine
+# that the owner of an email account has uploaded an avatar to Zulip, which isn't
+# the end of the world.  Don't use the salt where there is more security exposure.
+AVATAR_SALT = get_secret("avatar_salt")
+
 SERVER_GENERATION = int(time.time())
 
 if not 'DEBUG' in globals():
@@ -609,6 +630,11 @@ PIPELINE_YUI_BINARY     = '/usr/bin/env yui-compressor'
 
 USING_RABBITMQ = True
 RABBITMQ_USERNAME = 'zulip'
+RABBITMQ_PASSWORD = get_secret("rabbitmq_password")
+
+if CAMO_URI is not None:
+    # This needs to be synced with the Camo installation
+    CAMO_KEY = get_secret("camo_key")
 
 SESSION_ENGINE = "django.contrib.sessions.backends.cached_db"