How To: Environment Variables In Django
Environment variables are essential for keeping sensitive information like API keys, passwords, and secret keys safe. Here's a straightforward guide to managing them effectively in your Django projects.
Step-by-Step Guide
1. Install Django Environ.
Run the following command to install django-environ:
pip install django-environ
2. Import Environ in settings.py.
Add this import at the top of your settings.py file:
import environ
3. Initialize Environment Variables.
Initialize environment variables in settings.py right after the import:
# Initialize environment variables
env = environ.Env()
environ.Env.read_env()
4. Create a .env File.
Create a .env file in the same directory as settings.py. This file will store your sensitive data.
5. Add Your Secrets to .env.
Declare your sensitive data in the .env file without using quotes. For example:
SECRET_KEY=h^z13$qr_s_wd65@gnj7a=xs7t05$w7q8!x_8zsld#
DATABASE_NAME=postgresdatabase
DATABASE_USER=alice
DATABASE_PASS=supersecretpassword
6. Add .env to .gitignore.
To prevent your .env file from being pushed to version control, add it to your .gitignore file:
# Ignore .env files
.env
7. Update settings.py.
Replace sensitive information in settings.py with calls to the environment variables:
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.postgresql_psycopg2',
'NAME': env('DATABASE_NAME'),
'USER': env('DATABASE_USER'),
'PASSWORD': env('DATABASE_PASS'),
}
}
SECRET_KEY = env('SECRET_KEY')
Conclusion.
Following these steps ensures your sensitive data stays secure and out of your version control system. Proper management of environment variables is a critical part of secure Django development.