Using .env and .gitignore to not keep tracking sensitive variables

Yuki Nagano
3 min read · Mar 16, 2022

While working as a software engineer, you often encounter files that you’re not familiar with.

In my case, two of them were the .env and .gitignore files.

But the reality is that you might not pay much attention to those files during day-to-day development at work.

When I was building my personal web app, a time tracker for workers written in Python and Django, I found myself thinking:

“Wait… isn’t it dangerous to put all the database information into settings.py and push it to GitHub…?”

“But how can I avoid that…?”

I eventually remembered that I had seen .gitignore at work.

So this time I used these two files to stop tracking sensitive info like the database connection, keeping that info in a separate file instead so that it never gets pushed to GitHub.

(Well, it’s arguably okay to push that info to a private repo, but you know what I mean.)

So why should we use them?

The whole point of this post is that you can literally ignore specific files so that they never become public.

I also realized I can use it not only for stashing sensitive data but also for files that only exist locally, such as IDE-related files (.idea) or OS-related ones (.DS_Store).

That keeps the list of untracked files clean, so it is easier to see what you are actually pushing when you commit your changes.

What is sensitive data specifically?

“Sensitive data” varies.

But in this post, I mean things like database connection information, the secret key of a Django application, and so on.

Anything that you don’t want to make public!

What is .env for?

.env is a file where you write any sensitive data, as environment variables.

You write something like this:

# Heroku Postgres
DATABASE_URL=postgres://xxxxxxx...
# Secret key
SECRET_KEY=xxxxxxxxxxxxxxxxxxxxxxx

Don’t worry, you won’t commit or push this file; it stays local only.

Then you read these variables in settings.py by calling them by name.

Later you’ll add .env to .gitignore to keep it out of Git.

What is .gitignore for?

.gitignore is where you list file names so that they won’t be tracked when you commit or push to GitHub.

You can manually add a file named .gitignore and list the files that you don’t want to push.

My .gitignore file looks like this:

# environment variables
.env
# will set it up later
Dockerfile
# others
*$py.class
__pycache__
.DS_Store
*.log

The Dockerfile is something I want to set up later (right now I’m just using a local server), so I stash it for now.

How do you use env data from settings.py?

If you’re using Django, you’ll read the env data in settings.py.

You simply import a couple of libraries and read the env data by calling the os.getenv() method.

import os
from dotenv import load_dotenv  # provided by the python-dotenv package

load_dotenv()  # reads .env in the project directory into os.environ
SECRET_KEY = os.getenv('SECRET_KEY')

Pass the variable name that you set in .env as the parameter.
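As an added example (not code from the original post), here is a small stand-in for what load_dotenv() plus os.getenv() do in settings.py, extended with a fail-fast check for a variable that is missing from .env and a parser that turns the Heroku-style DATABASE_URL into a Django DATABASES entry. The names parse_env, load_env_file, require_env and database_from_url are my own, and all sample values are constructed.

```python
import os
from urllib.parse import urlsplit


def parse_env(text):
    """Parse .env text: KEY=VALUE lines, '#' comments, blank lines, quotes."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]  # quoted value is kept as-is (may contain '#')
        else:
            value = value.split(" #", 1)[0].rstrip()  # drop a trailing comment
        values[key.strip()] = value
    return values


def load_env_file(path=".env", override=False):
    """Like load_dotenv(): export the file's values into os.environ (no override by default)."""
    if not os.path.exists(path):
        return {}  # missing .env (e.g. a new teammate): nothing loaded, no crash here
    with open(path, encoding="utf-8") as f:
        values = parse_env(f.read())
    for key, value in values.items():
        if override or key not in os.environ:
            os.environ[key] = value
    return values


def require_env(name):
    """Fail fast at startup instead of silently running with SECRET_KEY = None."""
    value = os.getenv(name)
    if not value:
        raise RuntimeError(f"{name} is not set; add it to your local .env")
    return value


def database_from_url(url):
    """Turn postgres://user:pass@host:port/db into a Django DATABASES entry."""
    u = urlsplit(url)
    if u.scheme not in ("postgres", "postgresql"):
        raise ValueError(f"unsupported scheme: {u.scheme!r}")
    return {"ENGINE": "django.db.backends.postgresql", "NAME": u.path.lstrip("/"),
            "USER": u.username or "", "PASSWORD": u.password or "",
            "HOST": u.hostname or "", "PORT": str(u.port or 5432)}
```

In settings.py you would call load_env_file() once at the top, then SECRET_KEY = require_env('SECRET_KEY') and DATABASES = {'default': database_from_url(require_env('DATABASE_URL'))}, so a missing .env stops the app with a clear message rather than an obscure error later.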

What if I want to share sensitive data with a new teammate?

This is the question I was actually curious about.

I wanted to share the .env file with my sister, who will also be working on the project.

As far as I could find by googling, it is normally shared by just copying and pasting (at least my past teams put the info in the “local environment” documentation).

How does your team deal with this sharing stuff?

Comment here and tell me :)

To sum up…

Glad to dig into them :)

Building projects always gives me a lot of opportunities to learn new things.
