Using Environment Variable in Django to avoid security compromise

 While working with web applications often we need to store sensitive data for authentication of different modules such as database credentials and API keys. These sensitive keys should not be hardcoded in the settings.py file instead they should be loaded with Environment variables on runtime.

An environment variable is a variable whose value is set outside the program, typically through a functionality built into the operating system. An environment variable is made up of a name/value pair.

Environment variables help us keep secrets (for example, Passwords, API tokens, and so on) out of version control, therefore, they are considered an integral part of the popular Twelve-Factor App Design methodology and a Django best practice because they allow a greater level of security and simpler local/production configurations.

Also, environment variables provide a greater degree of flexibility for switching between local development setup and production setup.





Therefore Adding environment variables is a necessary step for any truly professional Django project.

Creating Environment Variables

Create a .env file in the same directory where settings.py resides and add the following key-value pair inside the file.

NB: Ensure that there are no spaces between the variable name, assignment operator and the value

SECRET_KEY=0x!b#(1*cd73w$&azzc6p+essg7v=g80ls#z&xcx*mpemx&@9$
DATABASE_NAME=db_name
DATABASE_USER=db_user 
DATABASE_PASSWORD=password
DATABASE_HOST=localhost
DATABASE_PORT=5432

We will use django-environ for managing environment variables inside our project. So let’s install the package.

pip install django-environ

With that now, we can access the environmental variables in our codebase.

import environ

env = environ.Env()
# reading .env file
environ.Env.read_env()

# Raises django's ImproperlyConfigured exception if SECRET_KEY not in os.environ
SECRET_KEY = env("SECRET_KEY")

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': env("DATABASE_NAME"),
        'USER': env("DATABASE_USER"),
        'PASSWORD': env("DATABASE_PASSWORD"),
        'HOST': env("DATABASE_HOST"),
        'PORT': env("DATABASE_PORT"),
    }
}

Save the file and run the server everything should be working smoothly.

Additionally, you can also provide default values as follows.

SECRET_KEY = env("SECRET_KEY", default="unsafe-secret-key")

Comments

Post a Comment

Popular posts from this blog

How to use Django Bootstrap Modal Forms

Image
Installation Install  django-bootstrap-modal-forms : $ pip install django-bootstrap-modal-forms Add  bootstrap_modal_forms  to your INSTALLED_APPS in settings.py: INSTALLED_APPS = [ ... 'bootstrap_modal_forms', ... ] Include Bootstrap, jQuery and  jquery.bootstrap.modal.forms.js  on every page where you would like to set up the AJAX driven Django forms in Bootstrap modal. IMPORTANT: Adjust Bootstrap and jQuery file paths to match yours, but include  jquery.bootstrap.modal.forms.js  exactly as in code bellow. < head > < link rel = " stylesheet " href = " {% static 'assets/css/bootstrap.css' %} " > </ head > < body > < script src = " {% static 'assets/js/bootstrap.js' %} " ></ script > < script src = " {% static 'assets/js/jquery.js' %} " ></ script > < script src = " {% static 'js/jquery.bootstrap.mo
Read more

Everything you need to know when developing an on demand service app

Image
On Demand Services App Remember Richie Rich, the animated show that we used to watch? It had an Robot maid named Irona. We all wished we had someone like her who could complete all our household chores in seconds. Well, that dream still seems to be far from us for at least a century; however, there is a substitute to it which is as effective as Irona.  on-demand apps  for Home Services is that substitute. We all know how on-demand apps have disrupted majority of traditional industries. From the way we travel, eat, shop, and even date, all has undergone a tremendous change. So, why not our household chores and errands? After all we all need an Irona in our lives who can complete our household chores and run our errands in a jiffy. Before we understand the nitty gritty of  on-demand home services apps , let us start from the basic at what exact services that it provides. As the name suggests it serves as a platform where you can hire professionals for all your household ch
Read more

Documentation is Very vital before you develop any system or app

Image
Technical documentation in software engineering is the umbrella term that encompasses all written documents and materials dealing with software product development. All software development products, whether created by a small team or a large corporation, require some related documentation. And different types of documents are created through the whole  software development lifecycle  (SDLC). Documentation exists to explain product functionality, unify project-related information, and allow for discussing all significant questions arising between stakeholders and developers. Project documentation by stages and purpose On top of that, documentation errors can set gaps between the visions of stakeholders and engineers and, as a result, a proposed solution won’t meet stakeholders expectations. Consequently, managers should pay a lot of attention to documentation quality. Agile and waterfall approaches The documentation types that the team produces and its scope depending on the s
Read more