Python: Handling secrets (environment variables)

This documentation is part of the Advanced usages guide. View the full guide here: Going further with your Python deployments.

👋 Welcome to the Stackhero documentation!

Stackhero offers a ready-to-use Python cloud solution that provides a host of benefits, including:

  • Deploy your application in seconds with a simple git push.
  • Use your own domain name and benefit from the automatic configuration of HTTPS certificates for enhanced security.
  • Enjoy peace of mind with automatic backups, one-click updates, and straightforward, transparent, and predictable pricing.
  • Get optimal performance and robust security thanks to a private and dedicated VM.

Save time and simplify your life: it only takes 5 minutes to try Stackhero's Python cloud hosting solution!

At some point, you will need to store secrets such as tokens and passwords for databases or third-party services. It is important to store these securely. Avoid embedding them directly in your repository or code as this creates a significant security risk.

Using environment variables offers two key benefits:

  1. Your secrets are never stored in your Git repository, reducing the risk of unauthorized access.
  2. You can use different credentials for various environments, such as using a production database in production and a development database during development.

In a development environment, create a .env file at the root of your project. This file should be excluded from Git to ensure it is never committed.

To automatically read the .env file, you can use the python-dotenv module:

pip install python-dotenv
pip freeze > requirements.txt

Then, create a .env file at the root of your project and add your variables:

ENV="development"
DATABASE_PASSWORD="secretPassword"
THIRD_API_PRIVATE_KEY="secretKey"
# ...

Finally, ensure the .env file is excluded from Git by adding it to your .gitignore:

echo ".env" >> .gitignore

The .env file is not secure enough for staging and production environments. Instead, Stackhero allows you to securely store your environment variables directly in your Python service configuration.

You can set these variables in the Stackhero dashboard by selecting your Python service and then clicking on the "Configure" button.

Python environment variables on StackheroPython environment variables on Stackhero

Accessing environment variables in Python is simple. Just use os.environ.get() as shown below:

import os

print(os.environ.get('ENV'))

For example, connecting to a Redis server using an environment variable can be done like this:

import os
import redis

r = redis.from_url(os.environ.get("REDIS_URL"))

In a development environment, set the REDIS_URL in your .env file as follows:

REDIS_URL="redis://localhost:6379"

For production and staging, define REDIS_URL on the Stackhero dashboard under the Python service configuration:

REDIS_URL="rediss://default:<yourPassword>@<XXXXXX>.stackhero-network.com:6380"