Using Environment Variables in Django

Environment variables are a great way to securely store sensitive information such as API keys, database credentials, and other configuration settings that should not be hardcoded into your Django application's settings.py file. In this article, we'll walk through the process of using environment variables in Django to make your application more secure and flexible.

1. Why Use Environment Variables?

Environment variables allow you to store configuration settings outside your codebase, making your application more portable, secure, and easier to deploy in different environments (e.g., development, testing, production). By using environment variables, you can easily change settings without having to modify your source code.

2. Storing Environment Variables

Environment variables can be set in different ways depending on your operating system and deployment platform. Here are a few common methods:

• Local development (Mac/Linux): You can export environment variables directly in your terminal.
• Local development (Windows): Use the set command in Command Prompt or set environment variables through System Properties.
• Using a .env file: You can store environment variables in a .env file in your project's root directory (recommended for local development).

3. Using a .env File with Django

One of the most popular ways to manage environment variables in Django is by using a .env file. This file will contain key-value pairs representing your environment variables. To load these variables into your Django settings, we use the python-dotenv package.

Step 1: Install the python-dotenv package

First, install the python-dotenv package, which will help us load variables from the .env file:

            
    pip install python-dotenv
            
        

Step 2: Create the .env file

In your project's root directory, create a .env file and add your environment variables. For example:

            
    # .env file
    DJANGO_SECRET_KEY="your-secret-key"
    DEBUG=False
    DATABASE_URL="postgres://user:password@localhost:5432/mydatabase"
            
        

In this example, we store the SECRET_KEY, DEBUG flag, and the DATABASE_URL in the .env file. Make sure to never commit this file to version control for security reasons.

Step 3: Load Environment Variables in settings.py

Now, we need to load these environment variables in our settings.py file. We will use python-dotenv to read the variables from the .env file:

            
    import os
    from dotenv import load_dotenv

    # Load environment variables from .env file
    load_dotenv()

    # Now you can access the environment variables using os.environ
    SECRET_KEY = os.environ.get('DJANGO_SECRET_KEY')
    DEBUG = os.environ.get('DEBUG') == 'True'  # Convert the string to a boolean
    DATABASE_URL = os.environ.get('DATABASE_URL')
            
        

The load_dotenv() function loads the variables from the .env file into the environment. Then, you can use os.environ.get() to access the values in your settings file.

4. Using Environment Variables for Database Configuration

It’s common to store database configuration details in environment variables. For example, the DATABASE_URL variable in the .env file contains the credentials for connecting to the database. We can use this variable to configure the Django database settings dynamically:

            
    import dj_database_url

    DATABASES = {
        'default': dj_database_url.config(default=os.environ.get('DATABASE_URL'))
    }
            
        

The dj_database_url package is used to parse the DATABASE_URL string and convert it into a dictionary that Django can use to connect to the database. This allows you to configure your database connection using a single environment variable.

5. Using Environment Variables for Secret Keys

For security reasons, it is essential to keep sensitive information such as the Django SECRET_KEY outside the source code. Instead of hardcoding the SECRET_KEY directly in settings.py, we use an environment variable:

            
    SECRET_KEY = os.environ.get('DJANGO_SECRET_KEY')
            
        

By loading the SECRET_KEY from an environment variable, you ensure that the key remains secret and does not get exposed in the source code or version control.

6. Using Environment Variables for Debug Mode

In a production environment, you want to disable Django's DEBUG mode. Instead of hardcoding DEBUG=False in your settings, you can use an environment variable to control this setting:

            
    DEBUG = os.environ.get('DEBUG', 'False') == 'True'  # Default to False if not set
            
        

In the example above, the DEBUG setting is controlled by the DEBUG environment variable. If the variable is not set, it defaults to False.

7. Using Environment Variables for Third-Party API Keys

Another common use case for environment variables is storing third-party API keys. Let’s say you are using the Google Maps API, and you want to store the API key in an environment variable:

            
    GOOGLE_MAPS_API_KEY = os.environ.get('GOOGLE_MAPS_API_KEY')
            
        

With this approach, your API keys remain secure and are not exposed in the source code.

8. Best Practices for Managing Environment Variables

• Do not commit your .env file to version control (e.g., Git). Add it to your .gitignore file to ensure it is excluded from commits.
• Use different environment variable values for development, staging, and production environments.
• Keep sensitive information, like API keys and passwords, encrypted or managed by a secrets manager if possible.
• Use environment variables for any configuration that is likely to change depending on the deployment environment.

9. Conclusion

Using environment variables in Django allows you to securely store sensitive data and configuration settings outside your codebase. By following the best practices outlined in this article, you can ensure that your Django application is more secure, portable, and easier to deploy across different environments.