Move twitter secret keys to use get_secrets in settings.py

(imported from commit cc21265ae64a49be20bec74386314d60ee822746)
2025-11-04 05:53:43 +00:00 · 2015-08-20 20:02:07 -07:00
parent 32f6d1055d
commit e41c00107d
2 changed files with 8 additions and 24 deletions
--- a/zproject/local_settings.py
+++ b/zproject/local_settings.py
@@ -78,30 +78,6 @@ else:
    S3_AUTH_UPLOADS_BUCKET = "zulip-user-uploads-test"
    S3_AVATAR_BUCKET="humbug-user-avatars-test"

-# Twitter API credentials
-# Secrecy not required because its only used for R/O requests.
-# Please don't make us go over our rate limit.
-if STAGING_DEPLOYED or TESTING_DEPLOYED:
-    # Application: "Humbug HQ"
-    TWITTER_CONSUMER_KEY = "xxxxxxxxxxxxxxxxxxxxxx"
-    TWITTER_CONSUMER_SECRET = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-    TWITTER_ACCESS_TOKEN_KEY = "xxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-    TWITTER_ACCESS_TOKEN_SECRET = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-elif DEPLOYED and not ENTERPRISE:
-    # This is the real set of API credentials used by our real server,
-    # and we probably shouldn't test with it just so we don't waste its requests
-    # Application: "Humbug HQ - Production"
-    TWITTER_CONSUMER_KEY = "xxxxxxxxxxxxxxxxxxxxx"
-    TWITTER_CONSUMER_SECRET = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-    TWITTER_ACCESS_TOKEN_KEY = "xxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-    TWITTER_ACCESS_TOKEN_SECRET = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-else:
-    # Application: "Humbug HQ Test"
-    TWITTER_CONSUMER_KEY = "xxxxxxxxxxxxxxxxxxxxxx"
-    TWITTER_CONSUMER_SECRET = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-    TWITTER_ACCESS_TOKEN_KEY = "xxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-    TWITTER_ACCESS_TOKEN_SECRET = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-
 if DEPLOYED or STAGING_DEPLOYED:
    APNS_SANDBOX = "push_production"
    APNS_FEEDBACK = "feedback_production"
--- a/zproject/settings.py
+++ b/zproject/settings.py
@@ -432,6 +432,14 @@ S3_SECRET_KEY = get_secret("s3_secret_key")
 # https://cloud.google.com/console/project/apps~zulip-android/apiui/credential
 ANDROID_GCM_API_KEY = get_secret("android_gcm_api_key")

+# Twitter API credentials
+# Secrecy not required because its only used for R/O requests.
+# Please don't make us go over our rate limit.
+TWITTER_CONSUMER_KEY = get_secret("twitter_consumer_key")
+TWITTER_CONSUMER_SECRET = get_secret("twitter_consumer_secret")
+TWITTER_ACCESS_TOKEN_KEY = get_secret("twitter_access_token_key")
+TWITTER_ACCESS_TOKEN_SECRET = get_secret("twitter_access_token_secret")
+
 # These are the bots that Zulip sends automated messages as.
 INTERNAL_BOTS = [ {'var_name': 'NOTIFICATION_BOT',
                   'email_template': 'notification-bot@%s',