Django Secrets - keeping secrets safe with python-decouple

Securing sensitive data.

Database passwords, API keys and a host of other parameters are needed for a Django app to function properly. Some of these parameters are crucial and are best kept as secrets in safe and private environments.

A number of libraries exist to help us conceal these secrets properly. We will take a detailed look at one of these packages: python-decouple.

python-decouple enforces a strict separation of settings from code. It helps you organize your settings so that you can change parameters without having to redeploy your app, and according to its official project description, it also makes it easy for you to:

  1. store parameters in .ini or .env files;

  2. define comprehensive default values;

  3. properly convert values to the correct data type;

  4. have only one configuration module to rule all your instances.

Below is a quick start on its usage:

Install

pip install python-decouple

Usage

We will use the following settings.py to explain how it works.

import os
from pathlib import Path

DEBUG = True
BASE_DIR = Path(__file__).resolve().parent.parent
ALLOWED_HOSTS = []

# Application definition

INSTALLED_APPS = [
    ...
]

# Hard-coded secrets: this is what we want to move out of settings.py
SECRET_KEY = 'j(x$ujo)td1^dhu10$)==rfysf9&&_&hdts#7ho_jdysl0s4t'
EMAIL_HOST = 'smtp.gmail.com'
EMAIL_PORT = 587
EMAIL_USE_TLS = True
EMAIL_HOST_USER = 'codlog@admin.com'
EMAIL_HOST_PASSWORD = 'hdu_ujso'

Now we will create a .env file in the root directory of our project (a .ini file can also be used; decouple supports both). This is where the settings data will be stored.

.env file

SECRET_KEY = 'j(x$ujo)td1^dhu10$)==rfysf9&&_&hdts#7ho_jdysl0s4t'
DEBUG = True
EMAIL_HOST = 'smtp.gmail.com'
EMAIL_PORT = 587
EMAIL_USE_TLS = True
EMAIL_HOST_USER = 'codlog@admin.com'
EMAIL_HOST_PASSWORD = 'hdu_ujso'

Import the library in our settings file:

from decouple import config

Retrieve the parameters we saved in the .env file:

import os
from pathlib import Path
from decouple import config

BASE_DIR = Path(__file__).resolve().parent.parent
ALLOWED_HOSTS = []
DEBUG = config('DEBUG', default=False, cast=bool)

# Application definition
INSTALLED_APPS = [
    ...
]

# Secrets are now read from the environment or the .env file, not hard-coded
SECRET_KEY = config('SECRET_KEY')
EMAIL_HOST = config('EMAIL_HOST', default='localhost')
EMAIL_PORT = config('EMAIL_PORT', default=587, cast=int)
EMAIL_USE_TLS = config('EMAIL_USE_TLS', default=False, cast=bool)
EMAIL_HOST_USER = config('EMAIL_HOST_USER', default='')
EMAIL_HOST_PASSWORD = config('EMAIL_HOST_PASSWORD', default='')

Working with default values:

To define default values, pass the default argument to the config function in our settings (cast converts the string read from the file into the right type):

EMAIL_PORT = config('EMAIL_PORT', default=587, cast=int)

By defining a default value for the EMAIL_PORT parameter, we do not need to define it in our .env file: config() falls back to the default when the parameter is absent from both the environment and the file. Without a default, a missing parameter raises an error instead of silently using an empty value, which is what we want for SECRET_KEY.

Overriding config files

Sometimes we may want to change a parameter value without having to edit the .env file. Because decouple checks the shell environment before the .env file, we can override a config parameter by simply doing this:

DEBUG=True python manage.py
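As an added example that is not python-decouple's own code, here is a simplified re-implementation of the lookup order used above (shell environment, then .env file, then default) together with its cast=bool rules, which shows why DEBUG = False in .env comes out as False while the builtin bool('False') would be True. The names parse_env, cast_bool and the repo/environ arguments are illustrative and assumed here.

```python
import os

# Added example, not python-decouple's own code: a minimal re-implementation of
# its lookup order (envvar, then .env file, then default) and its cast=bool rules.

ENV_TEXT = """# constructed .env mirroring the article's file
SECRET_KEY = 'j(x$ujo)td1^dhu10$)==rfysf9&&_&hdts#7ho_jdysl0s4t'
DEBUG = False
EMAIL_PORT = 587
"""
_UNDEFINED = object()
_BOOLEANS = {"1": True, "yes": True, "true": True, "on": True,
             "0": False, "no": False, "false": False, "off": False, "": False}

def parse_env(text):
    """Parse KEY = value lines; comments are skipped, surrounding quotes stripped."""
    data = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        data[key] = value
    return data

def cast_bool(value):
    """Only the strings in _BOOLEANS count; builtin bool('False') would be True."""
    text = str(value).lower()
    if text not in _BOOLEANS:
        raise ValueError(f"Not a boolean: {value!r}")
    return _BOOLEANS[text]

def config(option, default=_UNDEFINED, cast=_UNDEFINED, repo=None, environ=None):
    """Resolve option from the shell environment, then the repository, then default."""
    environ = os.environ if environ is None else environ
    repo = {} if repo is None else repo
    if option in environ:
        value = environ[option]          # a shell variable always wins
    elif option in repo:
        value = repo[option]             # then the .env / .ini file
    elif default is not _UNDEFINED:
        value = default                  # then the declared default
    else:
        raise KeyError(f"{option} not found: set it as an envvar or give a default")
    if cast is _UNDEFINED:
        return value
    return cast_bool(value) if cast is bool else cast(value)
```

Running DEBUG=True in the shell while the file says DEBUG = False resolves to True, exactly as the override command above does.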

Best Practice:

While working with Git, our .env file should not be committed. We simply add .env to .gitignore so we don't push sensitive data to our remote repository.

Simple steps, right?

Follow these simple procedures to make your apps more secure, and to learn more about how python-decouple works, check this. The source code is also available here.