back to all posts

Setting up Environment Variables in Django

Update (2024-10-16): add overwrite=True to read_env to make sure that your env variables are up to date.

Introduction

In the previous tutorial we have covered the installation of Stimulus.js into our application.

Today, we are going to add support for environment variables. This is necessary to protect secret information from showing up in our git history.

This is important because there are bots scanning github for secrets that people can accidentally add to the repo.

For example, if you were to use ChatGPT API in your app you will need to authenticate using a secret key. If you add directly to the code a bot will be able to get that key and use it for their own good living you with a large bill.

You can read more about this in the Config section of Twelve Factor App.

Follow along

All the code in this tutorial will be in this PR.

Before committing stuff to your repo, make sure that you have a .gitignore file in our repo. You can follow this tutorial if you don't have one yet.

Let's get to business

  • In you project directory run poetry add django-environ to install the environment dependency.

  • Create .env file to the root directory of your project.

  • We are going to add 2 items to the environment for this exercise, debug mode and secret key.

DEBUG=on

# Generate the key here: https://djecrety.ir/
SECRET_KEY="$wuy#b00i7rj="  # This is just an example, replace with your generated key. Make sure it is in quotes, otherwise there might be parsing issues.
  • Add the following to settings.py file
import environ  # new
import os  # new

env = environ.Env(
    DEBUG=(bool, False) # you can set defaults
)

BASE_DIR = ...  # old, don't touch

environ.Env.read_env(os.path.join(BASE_DIR, '.env'), overwrite=True)  # new, this needs to be after the BASE_DIR variable

# Replace DEBUG and SECRET_KEY with these
DEBUG = env('DEBUG')
SECRET_KEY = env('SECRET_KEY')
  • Start the server with poetry run python manage.py runserver. If it ran successfully then we are good.

Congrats, your Django app can now be safe.

Comments

To comment on this project please signup or login .

Tech Jobs Alerts

Tech Jobs Alerts - Ad

Get notified when the perfect job for you is available.