DEV Community

Discussion on: Django Cheat Sheet: Keep Credentials Secure with Environment Variables

pandichef

I used to do this. Now I just have a file (which is not in the repo obviously) and just type "from mysecrets import *" at the top of The problem I had with .env is with debug mode. Say someone on your team accidentally deploys in prod with DEBUG=True. If an end-user hits a Python exception for some reason, the environment variables all appear on the Django debug screen. In contrast, regular Python variables in are obfuscated by Django. Have you noticed this? Does it concern you?
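An added example, not part of pandichef's comment: a standard-library audit that lists which variables would still be displayed in clear if an error page masks values by variable name only. The name pattern is an assumption modelled on the one Django's debug-page filter applies to setting names, and the value heuristics, function names and sample environment are constructed for illustration.

```python
import re

# Assumption: name pattern modelled on the one Django's debug-page filter
# (SafeExceptionReporterFilter) applies to setting names; check your version.
HIDDEN_NAME = re.compile(r"API|TOKEN|KEY|SECRET|PASS|SIGNATURE", re.IGNORECASE)

# Assumption: simple heuristics for values that look like credentials.
CREDENTIAL_VALUE = re.compile(
    r"://[^/\s:@]+:[^/\s@]+@"      # user:password@ embedded in a URL
    r"|^[A-Za-z0-9+/_=-]{32,}$"    # long opaque token
)

MASK = "********************"


def cleanse(variables):
    """Mask values whose *name* matches the pattern, as a name-based filter does."""
    return {k: (MASK if HIDDEN_NAME.search(k) else v) for k, v in variables.items()}


def leaked_names(variables):
    """Names whose value looks like a credential but survives name-based masking."""
    shown = cleanse(variables)
    return sorted(
        k for k, v in shown.items()
        if v != MASK and CREDENTIAL_VALUE.search(str(v))
    )


# Constructed sample environment, not real credentials.
SAMPLE_ENV = {
    "DJANGO_SECRET_KEY": "constructed-value-1",
    "DATABASE_URL": "postgres://app:example-pw@db.internal:5432/app",
    "STRIPE_API_KEY": "constructed-value-2",
    "DEPLOY_CRED": "constructedconstructedconstructed0000",
    "SMTP_PASSWORD": "constructed-value-3",
    "LANG": "en_US.UTF-8",
}

if __name__ == "__main__":
    for name in leaked_names(SAMPLE_ENV):
        print("would be displayed in clear:", name)
```

Passing `dict(os.environ)` to `leaked_names` on a staging host shows which variable names need renaming or an explicit mask before a misconfigured DEBUG=True deploy can expose them.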