Use dotenv to load environment variables

Developing and deploying applications often requires configuration variables such as passwords, API keys, and secret keys. These variables should not be hardcoded in the source code, as they can be accessed by unauthorized users. The dotenv library can load environment variables from a file when the application starts. This lets you store sensitive information in a file that is not uploaded to a repository and override the environment variables for development, testing, and debugging. It also allows an application to be 12-factor compliant and to be deployed to different environments without changing the source code.

Insecure hardcoded secrets

As mentioned, variables that contain sensitive information, such as passwords, API keys, and secret keys, should not be hardcoded in the source code. The example code below shows a hardcoded secret key and should not be uploaded to a repository.

Python file with hardcoded secret key
# Insecure on purpose: the secret is part of the source code.
SECRET_KEY = "1234567890"
print(f"{SECRET_KEY}")

One solution is to use a separate file to store the secret key and read it from the file. This is a better solution, but it is still not ideal, as the key must be stored in a file that is not uploaded to a repository.

Reading environment variables

One solution to this problem is to use environment variables. Environment variables are set in the environment and can be accessed by the program. They can be set when the program is started by systemd, Docker, or another process manager. With the os.getenv function, you can read the value of an environment variable. The example below reads the secret key this way.

Read the secret key from an environment variable
import os

# Read the secret from the process environment instead of the source code.
SECRET_KEY = os.getenv("SECRET_KEY")
print(f"{SECRET_KEY}")

When the program is started, the environment variable can be set for the process as shown below.

Set the environment variable
$ SECRET_KEY=1234567890 python example.py
1234567890

Now the secret key is not hardcoded in the source code, but it is still not ideal to set the environment variables manually. The dotenv library can be used to load environment variables from a file.

Overriding environment variables

For development, testing, and debugging, it is useful to be able to override the environment variables. The dotenv library can be used to load environment variables from a file and override the existing environment variables. First, install the dotenv library with the command pip install python-dotenv. Then create a file called .env with the environment variables as shown below.

Install the dotenv library and create a .env file
$ pip install python-dotenv
$ echo "SECRET_KEY=1234567890" > .env

Now the environment variables can be loaded from the file with the following code.

Try to load the environment variables from a file
import os
from dotenv import load_dotenv

# Load variables from the .env file in the working directory.
load_dotenv()
SECRET_KEY = os.getenv("SECRET_KEY")
print(f"{SECRET_KEY}")

When the program is started, the environment variables will be set from the .env file.