What information do I need to hide from other people?

I kept a secret key, when I put the project on github: https://stackoverflow.com/questions/31883505/how-t...
But in a postgresql database there are settings ENGINE, NAME, USER, PASSWORD, HOST, PORT - if this information finds anyone, he will be able to connect to my database? And whether all these parameters must be hidden or password only?
April 4th 20 at 13:29
3 answers
April 4th 20 at 13:31
Solution
The access to the database is sensitive data. They should be the same as SECRET_KEY, as the accesses to Redis (for example). For this is the dj_database_url module, which allows you to transfer access to the database, one environment variable.
April 4th 20 at 13:33
Solution
Will be able to connect if the port the database server is accessible from the Internet.
Store NAME, USER, PASSWORD, HOST, free undesirable.
April 4th 20 at 13:35
Solution
The idea is better not to put the source code on github, so the attacker will be attack vector right before your eyes.
In General, the ENV should carry the name , password, and salt for server secret.

Find more questions by tags Django