Creating Environment Variables in Your Django Project

A technical guide on how to secure your Django project's sensitive information with python-dotenv

Introduction

The Django framework is one of the most popular frameworks for backend development. Most of the information in a Django project is sensitive and must be kept secure, including API keys, database configuration details, and secret keys. Environment variables provide a great way to secure this sensitive information. Python has many packages for working with environment variables, and python-dotenv is one of the most popular. This article provides a step-by-step guide to setting up environment variables for your Django project.

Prerequisites

This article assumes you already have Django installed and have some basic knowledge of the Django web framework.

Setting up environment variables in your Django project

To create environment variables in your Django project with the python-dotenv package, follow these steps:

  1. Install the python-dotenv package: in your Django project, activate the virtual environment and run this command to install python-dotenv:

    pipenv install python-dotenv

    Note: you can use pip or pip3 instead, depending on the package manager you use.

  2. Import and initialize python-dotenv in the settings.py file:

     from dotenv import load_dotenv
     import os

     # Initialize load_dotenv: reads the .env file and adds its entries to os.environ
     load_dotenv()
    

    Note: You may encounter some Pylance errors with the imports. To resolve them, make sure your project is using the virtual environment's interpreter. If you used pipenv to create the virtual environment for your project, you can simply go to the settings and select the command palette. In the command palette, search for python: interpreter and select your current virtual environment. This should resolve the issues.

  3. Create a .env file in the root directory of your project, in the same directory as the manage.py file.

    File structure:

    myproject/
    ├── myproject/
    │   ├── __init__.py
    │   ├── settings.py
    │   ├── urls.py
    │   └── wsgi.py
    ├── myapp/
    │   ├── __init__.py
    │   ├── models.py
    │   ├── views.py
    │   └── ...
    ├── manage.py
    └── .env   <-- Create .env file in the root directory

  4. Inside the .env file, include the data you want to secure. For the purpose of demonstration, let's secure the SECRET_KEY value from our settings.py file:

     SECRET_KEY=django-insecure-e*%z$x706q6!yy9s0izbj+-vaci_f*#p772cl!i=6jm6#@hg)11
    

    NOTE: Do not wrap the value in quotation marks (" "); this will result in an error.

  5. In the settings.py file, remove the value of SECRET_KEY and replace it with a reference to the variable in your .env file:

    SECRET_KEY = os.environ.get('SECRET_KEY')

  6. Finally, add the .env file to your .gitignore file to prevent Git from tracking it and pushing sensitive information to your GitHub repository.
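
Steps 4 to 6 leave two things unchecked: `os.environ.get` returns `None` without complaint when the variable is missing, and nothing confirms that `.env` is really ignored by Git. The helpers below are an added example, not part of the original article; `require_env`, `audit_env_file` and `MissingSetting` are hypothetical names, and the `.gitignore` check is a simple literal match rather than full gitignore pattern matching.

```python
import os
import stat
from pathlib import Path


class MissingSetting(RuntimeError):
    """Raised when a required environment variable is unset or empty."""


def require_env(name, environ=os.environ):
    """Hypothetical helper: return environ[name] or fail, never return None."""
    value = environ.get(name, "").strip()
    if not value:
        raise MissingSetting(f"{name} is not set; check your .env file")
    return value


def audit_env_file(project_root):
    """Hypothetical helper: list problems with how the project's .env is kept."""
    root = Path(project_root)
    env_file, gitignore = root / ".env", root / ".gitignore"
    if not env_file.is_file():
        return [".env not found next to manage.py"]
    problems = []
    # Step 6: .env must appear in .gitignore so Git never tracks it.
    patterns = set()
    if gitignore.is_file():
        patterns = {line.strip() for line in gitignore.read_text().splitlines()}
    if not patterns & {".env", "/.env", "*.env", ".env*"}:
        problems.append(".env is not listed in .gitignore")
    # On POSIX systems the secrets file should be accessible to its owner only.
    mode = env_file.stat().st_mode
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(".env is accessible to group/other; run chmod 600 .env")
    # Keys generated by startproject begin with "django-insecure-"; flag them.
    for line in env_file.read_text().splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "SECRET_KEY" and value.strip().startswith("django-insecure-"):
            problems.append("SECRET_KEY is still the generated django-insecure- key")
    return problems


# In settings.py, after load_dotenv(), the lookup from step 5 would become:
#     SECRET_KEY = require_env("SECRET_KEY")
```

Running `audit_env_file` from a pre-commit hook or CI job catches a tracked or world-readable `.env` before it reaches the repository.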

Conclusion

Keeping your project's sensitive data secure is very important when creating a secure web application. The python-dotenv package provides a great way to achieve this.