
Easily Store Django Variables and Parameters with Decouple

Kelsey Creehan
2 min read · Jan 19, 2021

I’ve recently been dipping my toes into Python, and upon successfully setting up my first functioning Django back-end with auth, I encountered the classic scenario — where do I store the local secret key? I’m accustomed to using the dotenv gem with Ruby on Rails, but wasn’t too sure where to turn when it came to Django apps — until a friend recently introduced me to Python-Decouple.

Although it’s possible to store the configuration settings right in the code, it’s best to keep them separated and in a packaged “environment.” Python-Decouple is a handy library that allows you to separate settings parameters from your source code. Decouple also has the ability to store different configurations based on various development stages, so it’s useful to handle anything that could change between deployed environments. Other than secret keys, some other configuration settings that could be stored with the library might include database URLs, debugging status, and host information — but for the purpose of this article, we’re going to stick with securely storing your secret key.

Installing Python-Decouple

In your terminal, run:

pip install python-decouple

A word of warning — make sure you explicitly install python-decouple, and not just decouple. I recently had a friend do the latter, and even after installing the correct version, the config wouldn’t import until the wrong version was manually uninstalled.

Add Your Import

Then, within your settings.py file, import config (which is actually an object) from the library.

from decouple import config

Secure Your Settings File

Still in your settings.py, replace your original secret key with this line:

SECRET_KEY = config('SECRET_KEY')

If you still wish to use that exact key, keep it on hand somewhere for the next step. If not, feel free to simply paste over it.

Store Your Information

Now, create a .env file at your root directory — this is usually level with your src folder.

Within that file, you can now add any configuration settings that you’d like. Add your secret key like so:

SECRET_KEY=WHATEVERYOUWANTYOURSECRETTOBE

Push to Public Repo as Desired

With your secrets now stored in .env and read through decouple’s config, all you need to do is create a .gitignore file at the same level and add .env to it. Once you see the .env turn gray in your editor sidebar, you’re good to go — push away!
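A pre-push check for the steps above, as an added example that is not part of the original article or of python-decouple: it confirms settings.py no longer holds a literal key, that .gitignore covers .env, and that the key in .env is not weak. The function names and sample inputs are constructed for illustration, the .gitignore matching is an approximation, and the 50-character / 5-unique-character threshold mirrors Django's `check --deploy` warning for SECRET_KEY.

```python
import re
from fnmatch import fnmatch

# SECRET_KEY assigned to a string literal instead of config('SECRET_KEY')
HARDCODED = re.compile(r"""^\s*SECRET_KEY\s*=\s*[rbuRBU]?["']""", re.MULTILINE)

def env_ignored(gitignore_text):
    """Approximate .gitignore matching for a root-level .env file: plain names,
    globs, a leading '/' or '**/', and '!' negation. Last matching rule wins."""
    ignored = False
    for line in gitignore_text.splitlines():
        rule = line.strip()
        if not rule or rule.startswith("#") or rule.endswith("/"):
            continue  # blank line, comment, or directory-only rule
        negated = rule.startswith("!")
        pattern = re.sub(r"^(\*\*/|/)", "", rule[1:] if negated else rule)
        if fnmatch(".env", pattern):
            ignored = not negated
    return ignored

def env_secret(env_text):
    """Return the SECRET_KEY value from .env text, or None if it is absent."""
    for line in env_text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip() == "SECRET_KEY":
            return value.strip().strip("'\"")
    return None

def audit(settings_text, gitignore_text, env_text):
    """Return a list of problems; an empty list means the checks passed."""
    findings = []
    if HARDCODED.search(settings_text):
        findings.append("settings.py still contains a literal SECRET_KEY")
    if not env_ignored(gitignore_text):
        findings.append(".env is not covered by .gitignore")
    key = env_secret(env_text)
    if key is None:
        findings.append(".env does not define SECRET_KEY")
    elif len(key) < 50 or len(set(key)) < 5:
        findings.append("SECRET_KEY is under 50 characters or 5 unique characters")
    return findings

if __name__ == "__main__":
    # Constructed sample inputs; in a real project read the three files instead.
    settings = "from decouple import config\nSECRET_KEY = config('SECRET_KEY')\n"
    gitignore = "__pycache__/\n*.pyc\n"          # .env entry forgotten
    env = "SECRET_KEY=WHATEVERYOUWANTYOURSECRETTOBE\n"
    for problem in audit(settings, gitignore, env):
        print("FAIL:", problem)
```

Running `git check-ignore -v .env` gives git's authoritative answer on the ignore rule. If the old key was committed in settings.py before this change, it is still in the repository history, so put a newly generated key in .env.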

Other Considerations

  • In addition to supporting a .env file, decouple also allows you to use .ini files
  • After version 3.0, actual environment variables will override config settings. Decouple searches for options in this order: environment, config, and then default arguments.
  • Learn more with the official docs

Thanks for reading! Please feel free to reach out with any suggestions for additions, rephrasing, or corrections — it’s all part of the ongoing learning process.
