Intro
In the last article where we discussed modularization of Django settings file, a production-ready set-up for Django applications, I mentioned that there would be a short guide on the implementation process of a dot env file in Django.
In this article, we will be going through that exactly, we will be looking at the implementation process, benefits and why you should consider using a dot env file for all your Django projects.
Let's dive in.
The Importance of .env
Files in Django
During the developmental process of a Django application, it's common to have sensitive information such as API keys, Django secret keys, allowed hosts, database passwords, and other credentials that should not be stored in version control systems.
One way to manage these sensitive values is through the use of environment variables, which can be accessed by your code without being hard-coded into your source files.
A .env
file is a simple way to manage environment variables in your Django project. It provides a way to store your environment-specific configuration in a file that can be easily managed and shared with other developers on your team, without exposing sensitive information.
There are numerous benefits of using a dot env file in django and some of them are analyzed below.
Some of the benefits of using a .env
file in Django
Security: Sensitive information such as passwords and API keys can be kept separate from your codebase, reducing the risk of exposure to unauthorized access or accidental leaks.
Portability: With a
.env
file, you can easily move your application between development, staging, and production environments without having to modify your codebase.Consistency: By storing your environment-specific configuration in a
.env
file, you can ensure that all team members are working with the same settings, reducing the risk of configuration drift.
Also check: Ease your way into automated testing in Django.
Implementation process of a .env
File in Django
Here's a step-by-step guide on how to implement a .env file in your Django project, follow these steps for a quick implementation:
-
Install the
python-dotenv
package:
pip install python-dotenv
Create a file named
.env
at the root of your project, the same level as yourmanage.py
. This file should not be committed to your version control (for example: Github, Gitlab, etc) system.Add the sensitive information you want to store in your
.env
file. Each value should be in the format KEY=VALUE, with one variable per line. For example:
SECRET_KEY=my-secret-key
DEBUG=True
DATABASE_URL=postgres://user:password@localhost/mydatabase
-
In your Django settings file, import dotenv and call load_dotenv(). This will load the variables from your
.env
file into your environment variables.
import os
from dotenv import load_dotenv
# Load environment variables from .env file
load_dotenv()
# Access environment variables
SECRET_KEY = os.getenv('SECRET_KEY')
DEBUG = os.getenv('DEBUG')
DATABASE_URL = os.getenv('DATABASE_URL')
With steps as simple as this, you can now use environment variables in your Django project through the .env
file. You can add additional variables to your .env
file as needed and access them in your code through os.getenv()
is shown in the example above. Always make sure os
is imported before referencing it in your project.
What you want to check now is Production ready settings file: The simplest way to get it done.
Keep in mind that it's important to keep your .env
file private and not commit it to version control. You may also want to consider using a tool like git-crypt
or git-secret
to encrypt your .env
file to further increase security.
I hope this gives you a simple overview and great guides to secure your credentials and create a far more secure Django project.
Thanks for reading, kindly consider sharing to communities where this can be found useful.
Top comments (5)
Thank you.
Thanks for reading
Show de bola, ajudou muito. Obrigado!
Thanks for your kind response Magno
Thank you.