Manage environment variables use the dotenv pattern with encrypted files.

This project is an attempted port of the credentials pattern found in Ruby on Rails.

Using pip:

pip install env-credentials[django]

Using poetry:

poetry add env-credentials --extras django

Initializing and editing the encrypted credentials file is only supported with Django at this time. Additional CLI tooling can be built for framework-less projects or projects using other frameworks.

After adding the dependency to your project, add the Django app

INSTALLED_APPS = [
    # ...
    'django_credentials',
    # ...
]

You can then initialize the credentials files with

./manage.py credentials init

This will create a two new files called master.key and credentials.env.enc. It will default to adding these files to the same folder as where you attempted to load the values in the same folder as you loaded the values. If following these directions, then that will be in the same folder as your settings.py file.

This will also attempt to add master.key to the .gitignore file colocated with your manage.py file, if it exists.

Be sure to ignore your master.key file if the gitignore file cannot be automatically updated.

Finally, add the following code to your settings.py file to load the credentials into os.environ

from django_credentials import credentials

credentials.load()

You can then edit the values in the file using

./manage.py credentials edit

Custom Credentials Directory

You can put your credentials files, both key and configuration, into a different directory, but must tell the library where they are.

import os

from django_credentials import credentials
from pathlib import Path

current_dir = os.path.dirname(__file__)
credentials.load(credentials_dir=Path(current_dir, credentials_dir))

When initializing and editing the credentials from the CLI, you can pass the dir option

./manage.py credentials -d <path>