Intro
In the last article where we discussed modularization of django settings file, a production ready set-up for django applications, I mentioned that there would be a short guide article on implementation process of a dot env file in django.
In this article, we would be goin through that exactly, we would be looking at implementation process, benefits and why you should consider using a dot env file for all your django projects.
Let's dive in.
The Importance of .env
Files in Django
During developmental process of a Django application, it's common to have sensitive information such as API keys, django secret key, allowed hosts, database passwords, and other credentials that should not be stored in version control systems.
One way to manage these sensitive values is through the use of environment variables, which can be accessed by your code without being hard-coded into your source files.
A .env
file is a simple way to manage environment variables in your Django project. It provides a way to store your environment-specific configuration in a file that can be easily managed and shared with other developers on your team, without exposing sensitive information.
There are numerous benefits of using a dot env files in django and some of them are analyzed below.
Some of the benefits of using a .env
file in Django
Security: Sensitive information such as passwords and API keys can be kept separate from your codebase, reducing the risk of exposure to unauthorized access or accidental leaks.
Portability: With a
.env
file, you can easily move your application between development, staging, and production environments without having to modify your codebase.Consistency: By storing your environment-specific configuration in a
.env
file, you can ensure that all team members are working with the same settings, reducing the risk of configuration drift.
Also check: Ease your way into automated testing in Django.
Implementation process of a .env
File in Django
Here's a step-by-step guide on how to implement a .env file in your Django project, follow these steps for a quick implementation:
-
Install the
python-dotenv
package:
pip install python-dotenv
Create a file named
.env
at the root of your project, the same level with yourmanage.py
. This file should not be committed to your version control (example: github, gitlab, etc) system.Add the sensitive information you want to store in your
.env
file. Each value should be in the format KEY=VALUE, with one variable per line. For example:
SECRET_KEY=my-secret-key
DEBUG=True
DATABASE_URL=postgres://user:password@localhost/mydatabase
-
In your Django settings file, import dotenv and call load_dotenv(). This will load the variables from your
.env
file into your environment variables.
import os
from dotenv import load_dotenv
# Load environment variables from .env file
load_dotenv()
# Access environment variables
SECRET_KEY = os.getenv('SECRET_KEY')
DEBUG = os.getenv('DEBUG')
DATABASE_URL = os.getenv('DATABASE_URL')
With steps as simple as this, you can now use environment variables in your Django project through the .env
file. You can add additional variables to your .env
file as needed and access them in your code through os.getenv()
is shown in the example above. Always make sure os
is imported before referencing it in your project.
What you want to check now is: Production ready settings file: Simplest way to get it done.
Keep in mind that it's important to keep your .env
file private and not commit it to version control. You may also want to consider using a tool like git-crypt
or git-secret
to encrypt your .env
file to further increase security.
I hope this gives you a simple overview and great guides to secure your credentials and create a far more secure Django projects.
Thanks for reading, kindly consider sharing to communities where this can be find useful.
Top comments (0)