A Smart Way To Secure Your Django Apps


Many times, we have to integrate third-party services into our applications; this often means storing sensitive data used to authenticate different modules, such as database credentials, the secret key, encryption payloads, and API keys.

These sensitive keys should not be hard-coded in the settings.py or views.py file of a Django project. If these keys are compromised, for example by being pushed to a public repository, anyone on the internet can find and abuse them for their own gain 😟: using up your cloud resources and credits, accessing your application back-end without authorization, and even dumping your live database 😰.

Instead, your keys should be loaded from environment variables at runtime.

It won’t hurt to make your applications one level more secure 😃, and you’ll find environment variables quite useful across the different stages of application development.

What are environment variables 🤔?

Environment variables are key-value pairs set in the current user’s environment, outside of your application, that let you configure a value or variable in your code without changing the code itself.

They give you a greater degree of flexibility when switching between a local development environment and a production environment on a live server.

You can think of environment variables as a dictionary, where the key is the environment variable name and the value is the environment variable value.

How to create and read environment variables in Django projects

Let’s get started by creating environment variables. We store our key-value pairs in an .ini or .env file in the Django project.

In Python applications, the os module’s “environ” mapping gives us a dictionary of all the environment variables. But since os.environ only returns strings, it’s tricky. Let’s say you have an envvar DEBUG=False and you check it with a plain truth test.

It will print True, because os.environ[‘DEBUG’] returns the string “False”, and a non-empty string evaluates as True. But that variable should be a boolean, right 🤷‍♂️?

I’ve found an awesome package to help out with this inconsistency and properly convert values to the correct data type 😃.

  • Install the package.
  • Then use it in settings.py and views.py, basically wherever we need these envvars: import the config object.
  • Retrieve the configuration parameters.
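As an added example (written for this article, not the article’s own code or the package it recommends), here is the same idea built from scratch: a parser for a .env file, a config() reader with defaults and casting, and a to_bool cast that fixes the DEBUG=False pitfall instead of silently treating the string as True. The names SAMPLE_DOTENV, parse_dotenv, to_bool, config and load_settings are this example’s own, and the .env content is constructed.

```python
import os

SAMPLE_DOTENV = """
# constructed for this example; a real .env file is never committed
DEBUG=False
SECRET_KEY='example-not-a-real-key'
DB_PORT=5432
"""

def parse_dotenv(text):
    """Parse KEY=value lines into a dict; skip blanks and comments, strip matching quotes."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, raw = line.partition("=")
        raw = raw.strip()
        if len(raw) >= 2 and raw[0] == raw[-1] and raw[0] in "'\"":
            raw = raw[1:-1]
        values[key.strip()] = raw
    return values

def to_bool(raw):
    """Map textual booleans to bool; anything else is a config error, not silently True."""
    value = raw.strip().lower()
    if value in {"1", "true", "yes", "on"}:
        return True
    if value in {"0", "false", "no", "off", ""}:
        return False
    raise ValueError(f"not a boolean: {raw!r}")

_MISSING = object()
def config(name, default=_MISSING, cast=str, env=None):
    """Read NAME from env (os.environ by default) and cast it; a required key that is absent raises."""
    source = os.environ if env is None else env
    if name in source:
        return cast(source[name])
    if default is _MISSING:
        raise KeyError(f"required setting {name} is not set")
    return default

def load_settings(env):
    """What settings.py would do with the parsed values: typed settings, secrets required."""
    return {
        "DEBUG": config("DEBUG", default=False, cast=to_bool, env=env),
        "SECRET_KEY": config("SECRET_KEY", env=env),
        "DB_PORT": config("DB_PORT", default=5432, cast=int, env=env),
    }
```

Passing env=None reads from the real process environment, which is how it would be used in settings.py; the dict argument exists so the sample runs offline.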

Don’t forget to add .env to your .gitignore file, to keep your secret keys out of version control.

We’ve learned what environment variables are and how to add another level of security to a Django application. It is a necessary step for any truly professional Django project.

It’s a wrap everyone.

Thanks for the audience, and I hope you found this article helpful 🤗. Feel free to reach out on GitHub, Twitter, and LinkedIn. Do drop a like, comment, and share 😌.

Originally published at https://nextwebb.hashnode.dev.

I’m a Software Engineer 👩‍💻, an avid learner 👨‍🎓 and a community leader 🥑.
