In software development, especially in web frameworks like Django, it’s common to have settings that change between deployments. For instance, in development, you might connect to a local database, while in production, you connect to a cloud database. Hardcoding these configurations is neither flexible nor secure. This is where environment variables come in, allowing you to store settings outside your application.

However, managing and remembering to set these variables can be a challenge. Here’s where `.env` files come into play. They help developers set environment variables consistently across various environments.

In this article, we’ll cover:

  • What .env files are
  • How to use them in Django
  • Best practices

What are .env files?

`.env` files are plain text files used to define environment variables. They follow the pattern:


VARIABLE_NAME=value
ANOTHER_VARIABLE=another_value

Using `.env` files, you can store configurations like database credentials, API keys, and any other settings that might vary between environments.

Setting up .env files in Django

1. Create a .env file

In the root directory of your Django project, create a file named `.env`.

touch .env 

Add required environment variables, like:


DEBUG=True
SECRET_KEY=mysecretkey
DATABASE_URL=postgres://user:password@localhost:5432/mydatabase

Save the file and close it.

2. Install python-decouple and dj-database-url

To read values from the `.env` file easily, we will use the python-decouple library. For database configurations, dj-database-url provides an easy way to parse database connection strings.

Install both:

pip install python-decouple dj-database-url 

3. Configure Django settings

Open your `settings.py` and modify it to use variables from the `.env` file.


from decouple import config, Csv
import dj_database_url

# Use the DEBUG value from .env (default is False if not set)
DEBUG = config('DEBUG', default=False, cast=bool)

# Get the SECRET_KEY from .env (default is '' if not set)
SECRET_KEY = config('SECRET_KEY', default='')

# Set up the database using DATABASE_URL from .env
DATABASES = {
    'default': dj_database_url.config(default=config('DATABASE_URL'))
}

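With this setup, Django will read the values from the `.env` file. If a variable that has a default is missing, the default is used. A variable read without a default, such as `DATABASE_URL` here, makes python-decouple raise `UndefinedValueError` when the settings load.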

4. Update .gitignore

To ensure you never commit your .env file (with potentially sensitive info) to version control:

echo ".env" >> .gitignore 

Best Practices

  • Never Commit .env Files: As stated, avoid committing `.env` files to version control. They often contain sensitive information.
  • Use Different .env Files: For different environments (development, staging, production), you can have different `.env` files like `.env.dev` and `.env.staging`. Load the appropriate one based on context.
  • Document Variables: In your project’s README or in a separate document, list all environment variables that your application uses. This makes it easier for other developers to understand the required settings.
  • Use Defaults Wisely: For some settings, providing defaults can be beneficial (e.g., DEBUG=False). However, be careful with sensitive settings like SECRET_KEY. It’s better not to have a default for such variables.
  • Backup .env Files: Though you don’t commit them to version control, ensure you have backups of `.env` files, especially for production configurations.
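
The following pre-deployment check is an added example, not code from the original article. It audits a production `.env` against the practices above using only the standard library; the function names (`parse_env`, `audit_env`, `demo`), the list of findings and the sample project are assumptions made for the illustration.

```python
import os
import stat
import tempfile
from pathlib import Path


def parse_env(text):
    """Parse VARIABLE_NAME=value lines, skipping blanks and # comments."""
    values = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip()] = value.strip().strip("'\"")
    return values


def audit_env(project_dir):
    """Return findings for <project_dir>/.env, treated as a production file."""
    env_path = Path(project_dir, ".env")
    env = parse_env(env_path.read_text())
    findings = []
    if env.get("DEBUG", "").lower() in {"true", "1", "yes", "on"}:
        findings.append("DEBUG is enabled")
    # 50 characters is the length below which Django's `check --deploy` warns.
    if len(env.get("SECRET_KEY", "")) < 50:
        findings.append("SECRET_KEY is missing or too short")
    # Any group/other permission bit lets other local accounts read the secrets.
    if os.name == "posix" and stat.S_IMODE(env_path.stat().st_mode) & 0o077:
        findings.append(".env is accessible to group/others")
    # Simplification: only a literal ".env" or "/.env" line counts as ignored.
    gitignore = Path(project_dir, ".gitignore")
    lines = gitignore.read_text().splitlines() if gitignore.exists() else []
    if not {".env", "/.env"} & {entry.strip() for entry in lines}:
        findings.append(".env is not listed in .gitignore")
    return findings


def demo():
    """Audit a constructed project that uses the article's sample values."""
    with tempfile.TemporaryDirectory() as tmp:
        env_file = Path(tmp, ".env")
        env_file.write_text("DEBUG=True\nSECRET_KEY=mysecretkey\n"
                            "DATABASE_URL=postgres://user:password@localhost:5432/mydatabase\n")
        env_file.chmod(0o644)
        return audit_env(tmp)


if __name__ == "__main__":
    print("\n".join(demo()))
```

Run against the article's sample values, the audit reports every check as failed; a file with `DEBUG=False`, a long random `SECRET_KEY`, mode `600` and a `.gitignore` entry returns an empty list.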

Conclusion

Using `.env` files in Django (or any application) is a game-changer when it comes to managing settings and configurations. It makes your application more flexible and secure by separating configurations from code. Always remember to protect sensitive information and keep configurations as clear and as simple as possible.
