How To: Environment Variables In Django
Environment variables are essential for keeping sensitive information like API keys, passwords, and secret keys safe. Here's a straightforward guide to managing them effectively in your Django projects.
Step-by-Step Guide
1. Install Django Environ
Run the following command to install django-environ:
pip install django-environ
2. Import Environ in settings.py
Add this import at the top of your settings.py file:
import environ
3. Initialize Environment Variables
Initialize environment variables in settings.py right after the import:
# Initialize environment variables
env = environ.Env()
environ.Env.read_env()
4. Create a .env File
Create a .env file in the same directory as settings.py. This file will store your sensitive data.
5. Add Your Secrets to .env
Declare your sensitive data in the .env file without using quotes. For example:
SECRET_KEY=h^z13$qr_s_wd65@gnj7a=xs7t05$w7q8!x_8zsld#
DATABASE_NAME=postgresdatabase
DATABASE_USER=alice
DATABASE_PASS=supersecretpassword
6. Add .env to .gitignore
To prevent your .env file from being pushed to version control, add it to your .gitignore file:
# Ignore .env files
.env
7. Update settings.py
Replace sensitive information in settings.py with calls to the environment variables:
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.postgresql_psycopg2',
'NAME': env('DATABASE_NAME'),
'USER': env('DATABASE_USER'),
'PASSWORD': env('DATABASE_PASS'),
}
}
SECRET_KEY = env('SECRET_KEY')
Conclusion
Following these steps ensures your sensitive data stays secure and out of your version control system. Proper management of environment variables is a critical part of secure Django development.