– Leaking configuration details in error messages can expose sensitive information. Always sanitize error responses and avoid including environment variables in client-facing error messages.
DB_HOST=localhost DB_PORT=5432 DB_USERNAME=myuser DB_PASSWORD=mypassword
import os
: The baseline configuration file containing standard defaults shared across all development environments. .env.python.local
ENV_PATH=.env.local python manage.py runserver --settings=config.settings.local
import os from pathlib import Path from dotenv import load_dotenv # Define the root path of your project base_dir = Path(__file__).resolve().parent # 1. Load the standard .env file first for defaults load_dotenv(dotenv_path=base_dir / ".env") # 2. Load the .env.python.local file next. # override=True ensures local settings take precedence over standard .env settings. local_env_path = base_dir / ".env.python.local" if local_env_path.exists(): load_dotenv(dotenv_path=local_env_path, override=True) # Access your variables safely database_url = os.getenv("LOCAL_DB_URI") api_key = os.getenv("API_SECRET_KEY") debug_mode = os.getenv("PYTHONDEBUG") print(f"Database URL loaded: database_url") Use code with caution. Best Practices for Managing .env.python.local
# Load variables from the .env file into the system environment load_dotenv() # Access them using os.getenv = os.getenv( debug_mode = os.getenv( Connected with API Key: Use code with caution. Copied to clipboard Summary of Files – Leaking configuration details in error messages can
The most important rule? . This is the first and most critical line of defense to prevent accidentally committing sensitive information to your repository.
: Hardcoded fallbacks within the Python source code.
Alex tested it. The laptop showed beautiful, detailed error pages. The work computer (which had no .env.python.local file) quietly used DEBUG=False as before. ENV_PATH=
| Approach | When to use | |----------|-------------| | | CI/CD, production servers | | django-environ with .env | Django-specific projects | | Python config.py module | Simple scripts without secrets | | Vault/Secrets Manager | Production secrets management | | .bashrc / *.profile | Shell-wide variables (not project-specific) |
How you currently (e.g., pip, Poetry, Pipenv).
By adding .env to your .gitignore , you ensure private keys never reach public repositories.
To use these files, you need a library that can parse them and load them into os.environ . The most popular tool for this is python-dotenv . 1. Installation First, install the library via pip: pip install python-dotenv Use code with caution. 2. Loading the Files with Priority
