How to create and use .env files in Python - API keys, passwords, DBs

Hi there, Python enthusiasts and startup people! Today, we're going to dive into the fascinating world of .env files and learn how to secure your Python project secrets. Let's get started!

I posted this video to share how I use .env files to keep passwords and other confidential data off of places like GitHub, or wherever you might share your notebooks and scripts.

Check out the video or keep reading for some background info on what .env files are and why we use them.

Introduction to .env files

So, what exactly are .env files?

Well, they're simply text files that store environment variables, which are key-value pairs that can be used to configure your application. By using .env files, you can keep sensitive information, like API keys and database credentials, out of your source code. This is crucial for security and makes it easier to manage different configurations for development, testing, and production environments.

Why should I use them?

Unfortunately, it's not uncommon for people to accidentally share passwords and API keys on GitHub. This is usually done by including sensitive information in code that is committed to a public repository, which can be easily accessed by anyone.

There are a few reasons why this happens. First, developers may not be aware that they are including sensitive information in their code. For example, they may include an API key or password as a string literal in their code, without realizing that this information can be easily accessed by anyone who has access to the repository.

Second, developers may be under pressure to get their code working quickly, and may not take the time to properly secure their code before committing it to GitHub.

To mitigate this risk, it's important to follow best practices for securing sensitive information in code. This includes using environment variables to store sensitive information, and using tools like the python-dotenv library to manage environment variables in your code. Additionally, it's important to avoid committing sensitive information to public repositories, and to use private repositories or other secure methods to share code that includes sensitive information.

Overall, while sharing passwords and API keys on GitHub is not uncommon, it's important to take steps to mitigate this risk and ensure that sensitive information is properly secured in your code.


How to use python-dotenv

Installing python-dotenv

To work with .env files in Python, you can use the 'python-dotenv' library. To install it, simply run the following command in your terminal or command prompt:

pip install python-dotenv

python-dotenv is a Python library that loads environment variables from a .env file into your Python project. It is useful for managing sensitive information such as API keys, passwords, and other credentials that you do not want to store in your source code.

The library reads the key-value pairs defined in the .env file and sets them as environment variables that can be accessed in your Python code using the os.environ dictionary. This makes it easy to manage configuration settings for your project in a central location and keep sensitive information separate from your source code.

Usage example

Here's an example of how to use python-dotenv to load environment variables from a .env file:

  1. Install the library using pip install python-dotenv.
  2. Create a .env file in the root of your project directory and define your environment variables in the format KEY=VALUE. For example: API_KEY=abcdef123456.
  3. In your Python code, import the dotenv module and load the environment variables from the .env file using dotenv.load_dotenv().
  4. Access the environment variables in your code using os.environ['KEY'].

Here's an example code snippet that demonstrates how to use python-dotenv:

import os
from dotenv import load_dotenv

# Load environment variables from .env file
load_dotenv()

# Access environment variables
api_key = os.environ['API_KEY']

Overall, python-dotenv is a useful library for managing configuration settings and sensitive information in Python projects.
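The snippet above stops with a bare KeyError when a variable is missing and always reads the default .env file. The added example below (not code from the original post) picks a per-environment file and fails fast, reporting only the names of missing settings; APP_ENV, DATABASE_URL and the function names are assumptions made for this illustration.

```python
import os
from pathlib import Path

# Assumed for this example: APP_ENV selects the file, REQUIRED lists the keys the app needs.
ENV_FILES = {
    "development": ".env.development",
    "testing": ".env.testing",
    "production": ".env.production",
}
REQUIRED = ("API_KEY", "DATABASE_URL")


def env_file_for(app_env: str, root: Path = Path(".")) -> Path:
    """Map an environment name to its .env file; an unknown name is an error, not a fallback."""
    if app_env not in ENV_FILES:
        raise ValueError(f"unknown APP_ENV {app_env!r}")
    return root / ENV_FILES[app_env]


def missing_keys(environ, required=REQUIRED):
    """Return the names that are unset or empty. Values are never returned or logged."""
    return [key for key in required if not environ.get(key)]


def load_settings(root: Path = Path(".")) -> dict:
    """Load the file for the current environment and return the required settings."""
    from dotenv import load_dotenv  # third-party: pip install python-dotenv

    path = env_file_for(os.environ.get("APP_ENV", "development"), root)
    # override=False: variables already set by the host or CI take precedence over the file.
    # load_dotenv returns False when the file does not exist; it does not raise.
    found = load_dotenv(dotenv_path=path, override=False)
    missing = missing_keys(os.environ)
    if missing:
        raise RuntimeError(
            f"missing settings: {', '.join(missing)} ({path.name} found: {found})"
        )
    return {key: os.environ[key] for key in REQUIRED}
```

Call load_settings() once at startup so a misconfigured deployment stops immediately instead of failing on first use of the key.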

.env file best practices

Here are some best practices for using .env files:

  1. Always add your .env file to your .gitignore file to prevent it from being accidentally committed to your version control system.
  2. Use different .env files for different environments, like development, testing, and production. You can create separate files like '.env.development', '.env.testing', and '.env.production' and load them accordingly.
  3. Never hardcode sensitive information in your source code. Always use environment variables to store and access this data.
  4. Keep your .env files organized and well-documented. Use comments to explain the purpose of each variable and provide examples if necessary.
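Items 1 and 3 of the list above can be checked automatically before a commit. This is an added example, not code from the original post: the name pattern and function names are assumptions, the sample source is constructed, and .gitignore matching is approximated with fnmatch for a file in the repository root.

```python
import ast
import fnmatch
import re

# Assumed heuristic: variable names that usually hold credentials.
SECRET_NAME = re.compile(r"(api_?key|secret|passw(or)?d|token)", re.I)

# Constructed sample source, embedded so the example runs offline.
SAMPLE = '''import os
API_KEY = "abcdef123456"          # string literal: flagged
db_password: str = "hunter2"      # annotated assignment: flagged
token = os.environ["TOKEN"]       # read from the environment: not flagged
'''


def hardcoded_secrets(source: str, filename: str = "<src>"):
    """Return (filename, line, name) for non-empty string literals bound to secret-looking names."""
    hits = []
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Assign):
            targets, value = node.targets, node.value
        elif isinstance(node, ast.AnnAssign) and node.value is not None:
            targets, value = [node.target], node.value
        else:
            continue
        if not (isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value):
            continue
        for target in targets:
            # Plain names (API_KEY) and attributes (self.api_key) are both covered.
            name = target.id if isinstance(target, ast.Name) else getattr(target, "attr", "")
            if SECRET_NAME.search(name):
                hits.append((filename, node.lineno, name))  # the value itself is never reported
    return hits


def env_is_ignored(gitignore_text: str, name: str = ".env") -> bool:
    """Approximate git's rule for a root-level file: the last matching pattern wins."""
    ignored = False
    for raw in gitignore_text.splitlines():
        pattern = raw.strip()
        if not pattern or pattern.startswith("#"):
            continue
        negate = pattern.startswith("!")
        if negate:
            pattern = pattern[1:]
        if fnmatch.fnmatchcase(name, pattern.lstrip("/")):
            ignored = not negate
    return ignored
```

Run hardcoded_secrets over each staged .py file and env_is_ignored over the repository's .gitignore, and block the commit when either check fails.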


Some alternatives to the python-dotenv library

There are several alternative libraries to the python-dotenv library for managing environment variables in Python projects. Here are a few examples:

python-decouple: Similar to python-dotenv, python-decouple allows you to define configuration variables in a .env file and load them into your Python project as environment variables. It also supports alternative configuration sources such as INI and YAML files.

environs: environs is a lightweight library that allows you to define environment variables and their default values in your code using a schema. It also includes features for validating and converting values, and supports loading environment variables from .env files.

dynaconf: dynaconf is a more comprehensive configuration management library that supports loading configuration variables from multiple sources, including environment variables, .env files, JSON and YAML files, and more. It includes features such as hierarchical configuration and type conversion.

configparser: configparser is a built-in Python library for working with configuration files in INI format. While it does not specifically support loading environment variables, it can be used to read configuration values from a file and set them as environment variables in your code.

Overall, the choice of a library for managing environment variables in your Python project depends on your specific needs and preferences. Consider factors such as ease of use, flexibility, and features when evaluating alternative libraries.