Favorite 3rd Party Environment Variables Package?

wsvincent · January 6, 2023, 3:29pm

I’m curious what 3rd party packages folks like for managing environment variables. And please justify why? The popular packages I’m aware of are:

Personally I’m partial to environs because you can install it with additional Django support to also use dj-database-url, django-cache-url, and dj-email-url. But all of the popular packages listed above do more of less the same thing.

Does anyone feel very strongly about one package over another? Or is there an obvious additional package I’m missing from this list?

jeff · January 6, 2023, 3:48pm

environs, specifically environs[django] is my env library of choice. Not only does it bundle the libraries you mentioned, but it also has a few Django-specific parsing features, which are nice. I use environs for non-Django projects, too, so having a library that works with both is nice.

One tip that I think is worth passing along is to avoid using the read_env() method even though all of these libraries recommend it. read_env() will look for a .env file which sounds good in theory, but use a library like direnv to load your ENV variables into memory or let your container load ENV variables from either a .env file or from secrets. This will save you grief/bad production practices later.

wsvincent · January 6, 2023, 4:03pm

Yes! What @jeff said around read_env() and not relying on a .env file if you can since it is easy to have that loaded into Git or production by mistake.

satya · January 6, 2023, 4:19pm

I’m using environs. It’s worked well and I like that it’s a minimal package relying marshmallow to do the heavy lifting.

markwalker · January 6, 2023, 4:45pm

I’m a big fan of python-dotenv for local development. Hooking it into manage.py and using a filename which docker won’t try to read for its own variables. (I think it uses .env if that exists…)

I tried swapping to environs but I didn’t get on with it. I recall it throwing errors if things weren’t defined.

DmytroLitvinov · January 7, 2023, 10:35am

Historically, I used django-environ for my Django projects, so I use it everywhere now on all projects.

cehceh · January 10, 2023, 10:42am

I’m working with django-environ , But I like to know more about the other packages like
python-dotenv that @markwalker talked about and environs that @jeff, @satya and @wsvincent talked about,

nice post and discussion @wsvincent

matthiask · January 13, 2023, 1:09pm

I’m partial to my own speckenv library but I’m always looking around to find other solutions.

What I like most about it is the simple and short implementation speckenv/speckenv.py at main · matthiask/speckenv · GitHub and maybe the fact that it contains opinionated replacements for other 12 factor libraries which 1. only support what I want them to and 2. do not add schemes to urllib without any need. Maybe it was necessary to register custom schemes in the past. Everything works fine these days without adding schemes to a list which isn’t owned by the 12 factor library.

Corentin · January 16, 2023, 8:29am

I’m using os.getenv("KEY", 'default_value'), and I must admit that I don’t really know why there is so much environment-variables-managing-packages laying around, what are their advantages over this function?

markwalker · January 16, 2023, 8:46pm

@Corentin If you’re doing it like that then you need to make sure the environment variables are set.

With these packages you can define key/value pairs in a file which are automatically loaded into the environment.

This might not sound that useful, but consider a local file, ignored by git. A developer can define everything they need for running a project such as their local database server details. The projects manage.py is updated to use the chosen env var package and when the file is used, it loads the variables from the file into the environment.

At least this is my workflow with python-dotenv.

Corentin · January 16, 2023, 10:08pm

I’m using a .env file in my project folder, and I source it after activating the venv, it works really well and I don’t have ton install another dependency.
My personal django projects are started by services (launching scripts containing the source venv/.env) so it’s fully automated

KenWhitesell · January 16, 2023, 10:45pm

One feature of these packages is that they tend to provide for “type awareness”. For example, your DEBUG setting should be True or False (boolean value). However, os.getenv is going to return a string, regardless of the desired type. It would then be up to you to add the code to your settings file to verify or convert values.

This becomes extremely valuable when you’re working in an environment where developers don’t have control over that environment settings file.

Corentin · January 17, 2023, 8:09am

Thanks for the explanation

I’m using two settings files, settings/dev.py & settings/base.py, and I just set the DJANGO_SETTINGS_MODULE to either website.settings.dev or website.settings.base. But I see the good points of type awareness. It’s just I didn’t need them for my small projects (for now).

sdolemelipone · January 19, 2023, 3:09am

I have only ever used python-decouple after it was suggested to me in a tutorial. I haven’t found it lacking, so haven’t had reason to look elsewhere. One feature I do like is specifying an env file, so that I can use a docker secret to store my environment variable files.

cehceh · January 19, 2023, 12:55pm

@sdolemelipone
Python-decouple makes conflicts with deployment so I’m using django-environs . But If it’s OK with you that’s nice.
The bad behavior of it come when I tried to deploy my project on Heroku (also I do’t like it) but I have to deploy the project on Heroku because my manager ask me to do so.
I like deployment on pythonanywhere or digital ocean (both sites are good and meet the developer brain schema)

egrep · June 26, 2023, 5:00pm

Hello from the current maintainer of django-environ,

I apologize for such a late response. There have been too many changes in my life over the past year, including the war in Ukraine, my family’s move to Europe, difficulties at work, legalization in another country, and so on.

The devil is in the details. To simply read an environment variable, you don’t need a complex system. This can be achieved with standard approaches. The difficulties usually come with user requests for some non-standard interpretation, for example, reading complexly organized data structures and extracting some information from there, typing, validation, using variables from different sources, forming specially formatted formats for Django, evaluation, etc. As soon as you start taking all this into account, trying to think through a universal tool, you immediately start playing a different game. The complexity of such a project increases exponentially.

Moreover, I must admit that when I was researching similar libraries and tools in various ecosystems, I came to the conclusion that they all have something in common, but even more so they are different. This difference is manifested in the form of details, additional features, or some peculiarity when performing one or another operation.

Regarding django-environ, I can say that if you have found a vulnerability that has not been reported before, please let me know. You can do this by opening an issue on GitHub, sending me a private message on this forum, or even sending me an email. As I mentioned above, I am a bit overloaded right now, so I can’t guarantee a lightning-fast response. But I do review all issues and pay attention to them. If anyone wants to help by making a Pull Request with a fix or addition, it is also welcome.

codekiln · July 31, 2023, 6:12pm

Anyone here using dynaconf? It seems to have great test coverage and to be actively maintained.