When it comes to managing the configuration and sensitive information of your production environment, making the right choices is crucial.

One common practice that developers often contemplate is the use of a .env file in a production environment, as they may have been used to, in a development environment.

But, should you use a .env file in production?

Using a .env file in production is not recommended. Instead, rely on app configuration settings provided by hosting providers like Digital Ocean, Heroku, AWS Elastic Beanstalk, or Azure App Service to add your app-specific environment variables.

These hosting solutions provide the option of adding environment variables in the form of key (env variable name) and value (env variable value) pair used by your web application.

You can access the Environment Variable configuration settings in the App Management Dashboard under the Settings tab on most of these providers.

These services offer secure and scalable ways to manage environment variables, ensuring better control, compatibility, and ease of deployment in production environments.

What is env in development vs env in production?

In development, the “env” refers to the environment in which your application is running, typically on your local machine.

In this context, an “.env” file is commonly used to store environment variables specific to the development environment.

It allows you, as a developer, to set and manage configuration values without hardcoding them into the codebase.

However, in a production environment, the use of .env files is generally not recommended.

Why not use .env files in production?

While .env files serve as a convenient tool for managing environment variables in development environments, they are generally not recommended for use in production.

Here’s why:

  1. Security Risks: .env files are typically plain text files, making them vulnerable to unauthorized access and exposure of sensitive information. Storing important credentials, API keys, or other secrets in a .env file increases the risk of these details falling into the wrong hands.
  2. Lack of Encryption: .env files lack built-in encryption mechanisms. As a result, any sensitive information stored within them remains susceptible to interception and decryption, potentially compromising the security of your production environment.
  3. Limited Access Control: .env files provide limited access control options. Once a .env file is accessed, anyone with access to the file gains access to all the variables stored within it. Granular access control or permissions management is not feasible, posing a security risk in multi-user or collaborative production environments.
  4. Compliance and Regulatory Concerns: In certain industries or regions, compliance regulations may prohibit storing sensitive data in plain text files. Using .env files in such environments can lead to non-compliance, potentially resulting in legal consequences and reputational damage.
  5. Cloud Service Integration: Popular cloud service providers offer dedicated services for managing environment variables, which provide enhanced security features, scalability, and integration with other cloud services. Utilizing these services instead of .env files ensures better compatibility and optimal utilization of cloud infrastructure.

For the production environment, use app configuration settings to add sensitive information for the app.

Both cloud hosting solutions and Shared Hosting solutions provide an intuitive way of adding these environment variables.

To learn more on how to use environment variables in development and production environments, check out this guide: How to access environment variables in Python

Why use environment variables in production?

Using environment variables in production offers several benefits, particularly in terms of ensuring security and confidentiality, as well as effectively managing configuration and application secrets.

Here are the advantages of using environment variables in a production environment instead of hard coding them in your code:

  1. Environment variables provide a secure way to store sensitive information, such as API keys, database credentials, and other secrets. By utilizing environment variables, you can avoid hardcoding these confidential details directly into your codebase, reducing the risk of exposing them accidentally or during source code sharing.
  2. Environment variables allow you to restrict access to sensitive information, ensuring that only authorized personnel or processes can access and utilize them. This helps in maintaining a robust security posture and mitigating potential data breaches or unauthorized access attempts.
  3. Environment variables provide a convenient and centralized approach to manage various configuration settings across your application. Instead of modifying code directly, you can adjust environment variables, allowing for quick and easy configuration changes without requiring code recompilation or redeployment.

To recap, here’s

How to use environment variables in production

When it comes to using environment variables in production, relying on dedicated configuration features provided by hosting providers is a recommended approach.

Let’s explore how you can effectively use environment variables in production with examples from DigitalOcean and Heroku.

1. On DigitalOcean

  • Step 1: Log in to your DigitalOcean account and navigate to the Droplets section.
  • Step 2: Select the Droplet where your application will be deployed.
  • Step 3: Go to the Settings tab and find the “Environment” section.
  • Step 4: Add environment variables by specifying the key-value pairs relevant to your application’s configuration. For example, you can set a variable called “DATABASE_URL” with the corresponding database connection string.
  • Step 5: Save the changes and deploy your application. DigitalOcean will automatically make these environment variables available to your application at runtime.

One of the best hosting services that you can use for your Python web applications (Django, Flask, etc.) is DigitalOcean. For me, Digital Ocean has been the go-to hosting service whenever I am hosting my web applications and for my clients.

It is easier to configure a new web app, deploy, and scale your website.

The support is great.

And not to forget how affordable their packages are.

To get started with Digital Ocean, use the link below and you will get a discount for your hosting package plus get free credit for testing the platform. If you love it, you can always upgrade.

Link here:

Get the best Hosting

2. On Heroku

  • Step 1: Log in to your Heroku account and access the dashboard.
  • Step 2: Create a new app or select an existing one where you want to manage environment variables.
  • Step 3: Navigate to the “Settings” tab and find the “Config Vars” section.
  • Step 4: Add your environment variables by providing the key-value pairs for your application’s configuration. For instance, you can set a variable named “API_KEY” with its corresponding value.
  • Step 5: Save the changes, and when you deploy your application to Heroku, it will automatically load these environment variables into the runtime environment.

3. Using Shared Hosting that supports Python apps

When working with shared hosting environments like cPanel, you can still effectively manage environment variables for your Python applications using the “Setup new Python app” tool.

Here’s a step-by-step guide on how to set it up and configure environment variables:

  1. Log in to your cPanel account and navigate to the “Software” section.
  2. Locate and click on the “Setup new Python app” tool. This tool allows you to create and configure Python applications within your shared hosting environment.
  3. Choose the desired Python version and create a new application by specifying a name and selecting the domain or subdomain where you want to deploy it.
  4. In the configuration step, look for the option to set up environment variables. This may vary depending on the specific version of cPanel you are using, but it is typically labeled as “Environment Variables” or “Environment”.
  5. Add your environment variables by specifying the key-value pairs for your application’s configuration. For example, you can set variables like “DATABASE_URL” or “API_KEY” with their corresponding values.
  6. Save the changes and proceed with the setup of your Python application.

More on setting Python apps environment variables in cPanel can be found here.

By following these steps, you can effectively set up and configure environment variables for your Python application in shared hosting environments and on cloud hosting solutions such as DigitalOcean and Heroku.

Create, inspire, repeat!

Software Engineer / Programmer

Dida here, owner and programming enthusiast at crackondev.com. I am a skilled Python developer and writer passionate about creating informative content around how to get started as a programmer to programming in Python. Inspired by passion for creating software solutions, I have accumulated experience by working on various projects, teaching others how to code, and I am dedicated to helping you learn computer science. Seeing other people like you progress and be successful in their programming career is my ultimate purpose that gives me joy.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *