I have a Django application where all the secret information (secret key and keys for encryption) are in the .env file as environment variables - I'm using the python-dotenv library. After starting the application, I removed the .env file from the server files and the application continues to work as it should. Can deleting this file cause any problems? Is there any other (or better) way to secure these secrets in a Django application? If it's relevant, I use pythonanywhere.com
Asked
Active
Viewed 406 times
4
-
If you restart the server, you'll need the .env file. – raphael Dec 18 '22 at 01:47
-
@raphael Yea, but can i just leave it saved on pc and only upload if i want to restart the server? I mean I have a copy of this file all the time on my computer. – fasfrtewqt2354r2edrq Dec 18 '22 at 02:03
-
This might help https://stackoverflow.com/a/65330139/10951070 – raphael Dec 18 '22 at 02:13
-
Once the app is running, removing the .env should not hurt anything. – John Gordon Dec 18 '22 at 03:08
-
@JohnGordon Thank you for the clarification. Do you know if this is a good way to keep the data in the .env file safe? – fasfrtewqt2354r2edrq Dec 18 '22 at 04:14
-
1.env file is as secure as your whole account. Your web app on PythonAnywhere may be reloaded at any moment as a side effect of migration between instances. – Filip Dec 18 '22 at 12:34
1 Answers
1
You shouldn't need .env file if you instead set up Environment variables while initialising the server machine.
Many Cloud Service Providers let you do that. If you're setting up a docker container in Google App run, you should be able to setup environment variables or when setting up virtual machine with predetermined environment variables.
This should eliminate any requirement for having .env file.
Anurag Dhadse
- 1,722
- 1
- 13
- 26
-
What about trying to run your application locally for testing? This makes sense when you deploy your application to production, but what is the alternative to using a dot ENV file locally? – Pants Jun 06 '23 at 16:17
-
IDE's also support environment variables via build configurations or run configurations. – Anurag Dhadse Jun 07 '23 at 09:48