A Smart Way To Secure Your Django Apps

Nextwebb
3 min read · Oct 6, 2020

We often have to integrate third-party services into our applications, which means storing sensitive data used to authenticate different components: database credentials, secret keys, encryption material, and API keys.

These sensitive keys should not be hard-coded in the settings.py or views.py files of a Django project. Suppose these keys are leaked through a public repository or some other location. In that case, anyone on the internet could find and abuse them 😟, for example by using up your cloud resources and credits, illegally accessing your application back-end, or even dumping your live database 😰.

Instead, your keys should be loaded from environment variables at runtime.

It won’t hurt to make your applications one level more secure 😃, and you’ll find environment variables quite helpful at different stages of application development.

What are environment variables 🤔?

Environment variables are key-value pairs set outside your application, in the environment of the current user or process, that let you configure a value in your code without changing the code itself.

They provide greater flexibility when switching between a local development environment and a production environment on a live server.

You can think of environment variables as a dictionary, where the key is the variable name and the value is the variable’s value.

How to create and read environment variables in Django projects

Let’s start by creating environment variables. We store our key-value pairs in an .ini or .env file inside the Django project.

In Python applications, we could use the “environ” mapping of the os module to get a dictionary of all the environment variables. But since os.environ only returns strings, it’s tricky. Let’s say you have an envvar DEBUG=False. If you run:

It will print True because os.environ[‘DEBUG’] returns the string “False”. Since it’s a non-empty string, it evaluates as True. But that variable should be a boolean, right 🤷‍♂️?

I’ve found an excellent package that handles this inconsistency and converts values to the correct data type 😃.

Usage

  • Install the package.
  • Then use it in settings.py, views.py, or basically wherever we need these envvars. Import the config object:
  • Retrieve the configuration parameters:

Don’t forget to add .env to your .gitignore file to keep your secret keys out of version control.
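The package the post relies on is not named above, so the following added example (written for this page, not the author’s code) reproduces the two ideas with the standard library only: the truthy-string pitfall from the DEBUG=False case, and a small config() helper that reads a .env file, lets the real process environment override it, and casts values to the right type with a default. The helper names (parse_dotenv, Config, load_settings), the sample .env text and the placeholder values are all constructed for illustration.

```python
import os

# Constructed sample .env content; the SECRET_KEY is a placeholder, not a real key.
SAMPLE_ENV = """
# Django settings for local development
DEBUG=False
SECRET_KEY='dev-only-placeholder-not-a-real-key'
ALLOWED_HOSTS=localhost,127.0.0.1
DB_PORT=5432
"""


def naive_debug_flag(raw_value):
    """The pitfall: a non-empty string such as "False" is truthy."""
    return bool(raw_value)


def parse_dotenv(text):
    """Parse KEY=VALUE lines; skip blanks and comments; strip matching quotes."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        values[key] = value
    return values


def to_bool(value):
    """Strict boolean cast: only a known spelling is accepted, anything else is an error."""
    v = value.strip().lower()
    if v in {"1", "true", "yes", "on"}:
        return True
    if v in {"0", "false", "no", "off", ""}:
        return False
    raise ValueError(f"not a boolean: {value!r}")


def csv_list(value):
    """Cast a comma-separated string to a list, e.g. for ALLOWED_HOSTS."""
    return [item.strip() for item in value.split(",") if item.strip()]


class Config:
    """Lookup order: real environment, then .env file, then the default."""

    _UNSET = object()

    def __init__(self, dotenv_values=None, environ=None):
        self.dotenv = dict(dotenv_values or {})
        # Injectable for tests; defaults to the live process environment.
        self.environ = os.environ if environ is None else environ

    def __call__(self, name, default=_UNSET, cast=str):
        if name in self.environ:
            raw = self.environ[name]
        elif name in self.dotenv:
            raw = self.dotenv[name]
        elif default is not self._UNSET:
            return default
        else:
            # Fail fast at startup instead of running with a missing secret.
            raise KeyError(f"missing setting {name}; set it in the environment or .env")
        return to_bool(raw) if cast is bool else cast(raw)


def load_settings(env_text, environ=None):
    """Build the settings values a Django settings.py would read."""
    config = Config(parse_dotenv(env_text), environ=environ)
    return {
        "DEBUG": config("DEBUG", default=False, cast=bool),
        "SECRET_KEY": config("SECRET_KEY"),
        "ALLOWED_HOSTS": config("ALLOWED_HOSTS", default="", cast=csv_list),
        "DB_PORT": config("DB_PORT", default=5432, cast=int),
    }


if __name__ == "__main__":
    print("naive bool('False') ->", naive_debug_flag("False"))
    print("typed settings      ->", load_settings(SAMPLE_ENV, environ={}))
    # A value set in the real environment overrides the file.
    print("with DEBUG override ->", load_settings(SAMPLE_ENV, environ={"DEBUG": "true"})["DEBUG"])
```

Because the process environment is consulted before the .env file, the same settings.py works unchanged in production, where the secrets come from the host and no .env file is deployed.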

We’ve learned about environment variables and how they add another level of security to a Django application. It is a necessary step for any truly professional Django project.

It’s a wrap, everyone.

Thanks for reading, and I hope you found this article helpful 🤗. Feel free to reach out on GitHub, Twitter, and LinkedIn. Do drop a like, comment, and share 😌.

Originally published at https://nextwebb.hashnode.dev.


Nextwebb

I’m a Software Engineer 👩‍💻, an avid learner 👨‍🎓 and a community leader 🥑.