DEV Community

Cover image for Protect Your Sensitive Data: A Guide to .env Files in Django
Amusat Haki Adeyemi
Amusat Haki Adeyemi

Posted on • Updated on

Protect Your Sensitive Data: A Guide to .env Files in Django

Intro

In the last article where we discussed modularization of Django settings file, a production-ready set-up for Django applications, I mentioned that there would be a short guide on the implementation process of a dot env file in Django.

In this article, we will be going through that exactly, we will be looking at the implementation process, benefits and why you should consider using a dot env file for all your Django projects.
Let's dive in.

The Importance of .env Files in Django

During the developmental process of a Django application, it's common to have sensitive information such as API keys, Django secret keys, allowed hosts, database passwords, and other credentials that should not be stored in version control systems.

One way to manage these sensitive values is through the use of environment variables, which can be accessed by your code without being hard-coded into your source files.

A .env file is a simple way to manage environment variables in your Django project. It provides a way to store your environment-specific configuration in a file that can be easily managed and shared with other developers on your team, without exposing sensitive information.
There are numerous benefits of using a dot env file in django and some of them are analyzed below.

Some of the benefits of using a .env file in Django

  • Security: Sensitive information such as passwords and API keys can be kept separate from your codebase, reducing the risk of exposure to unauthorized access or accidental leaks.

  • Portability: With a .env file, you can easily move your application between development, staging, and production environments without having to modify your codebase.

  • Consistency: By storing your environment-specific configuration in a .env file, you can ensure that all team members are working with the same settings, reducing the risk of configuration drift.

Also check: Ease your way into automated testing in Django.

Implementation process of a .env File in Django

Here's a step-by-step guide on how to implement a .env file in your Django project, follow these steps for a quick implementation:

  1. Install the python-dotenv package:
pip install python-dotenv
Enter fullscreen mode Exit fullscreen mode
  1. Create a file named .env at the root of your project, the same level as your manage.py. This file should not be committed to your version control (for example: Github, Gitlab, etc) system.

  2. Add the sensitive information you want to store in your .env file. Each value should be in the format KEY=VALUE, with one variable per line. For example:

SECRET_KEY=my-secret-key
DEBUG=True
DATABASE_URL=postgres://user:password@localhost/mydatabase
Enter fullscreen mode Exit fullscreen mode
  1. In your Django settings file, import dotenv and call load_dotenv(). This will load the variables from your .env file into your environment variables.
import os
from dotenv import load_dotenv

# Load environment variables from .env file
load_dotenv()

# Access environment variables
SECRET_KEY = os.getenv('SECRET_KEY')
DEBUG = os.getenv('DEBUG')
DATABASE_URL = os.getenv('DATABASE_URL')
Enter fullscreen mode Exit fullscreen mode

With steps as simple as this, you can now use environment variables in your Django project through the .env file. You can add additional variables to your .env file as needed and access them in your code through os.getenv() is shown in the example above. Always make sure os is imported before referencing it in your project.

What you want to check now is Production ready settings file: The simplest way to get it done.

Keep in mind that it's important to keep your .env file private and not commit it to version control. You may also want to consider using a tool like git-crypt or git-secret to encrypt your .env file to further increase security.

I hope this gives you a simple overview and great guides to secure your credentials and create a far more secure Django project.

Thanks for reading, kindly consider sharing to communities where this can be found useful.

Top comments (5)

Collapse
 
arthurpc02 profile image
Arthur Pinheiro Cortes

Thank you.

Collapse
 
defidelity profile image
Amusat Haki Adeyemi

Thanks for reading

Collapse
 
magnoheinz profile image
Magno Heinz

Show de bola, ajudou muito. Obrigado!

Collapse
 
defidelity profile image
Amusat Haki Adeyemi

Thanks for your kind response Magno

Collapse
 
iancu profile image
Iancu Ioan

Thank you.