Environment Variable: What is an Environment Variable?

What is an Environment Variable?

An environment variable is a key-value pair defined at the operating system or process level, accessible by all applications running in that context. It is a fundamental configuration mechanism that allows parameterizing software behavior without touching the source code. The concept has existed since the first Unix systems in the 1970s and remains the standard for configuring production applications today.

In modern web development, environment variables play a crucial role. They enable separating configuration from code, following the Twelve-Factor App principles. The same application can thus run in development, staging, and production without any code modification, simply by changing environment variable values.

At KERN-IT, environment variables are ubiquitous in our Django projects. The Django secret key (SECRET_KEY), database credentials, API keys (Stripe, SendGrid, Google), and external service URLs are all managed through environment variables, stored in .env files locally and in secrets managers in production.

Why Environment Variables Matter

Environment variables solve several critical problems in professional software development, from security to deployment flexibility.

• Secret security: passwords, API keys, and tokens should never appear in source code. Environment variables allow injecting them at runtime without versioning them in Git.
• Cross-environment portability: the same code can run locally (with an SQLite database), in staging (with a test PostgreSQL database), and in production (with a replicated PostgreSQL database) thanks to environment variables.
• Configuration without redeployment: modifying an environment variable only requires restarting the application, not recompiling or redeploying code.
• Secure collaboration: each developer can have their own values (test API keys, local database) without impacting other team members.
• Compliance and audit: secrets managed via environment variables are easier to audit, revoke, and rotate than hardcoded secrets.

How It Works

Environment variables are defined at the operating system or process level. On Linux/macOS, the command export DATABASE_URL=postgres://user:pass@host/db defines a variable for the current shell session. On Windows, the set command or system settings achieve the same result.

In Python, access to environment variables is done through the os module: os.environ.get("DATABASE_URL") or os.getenv("DATABASE_URL", "default_value"). Django uses this mechanism in its settings files to retrieve all sensitive configurations.

The .env file is a popular convention that groups all environment variables in a simple text file at the project root. Libraries like python-dotenv or django-environ automatically load this file at application startup. This file must be added to .gitignore to never be versioned.

Common Environment Variables

Some environment variables are nearly universal in web projects. SECRET_KEY is Django's cryptographic key used to sign sessions and tokens. DEBUG enables or disables debug mode (imperatively False in production). DATABASE_URL contains the database connection string.

API keys for third-party services often follow the convention SERVICE_API_KEY: STRIPE_SECRET_KEY, SENDGRID_API_KEY, GOOGLE_MAPS_API_KEY. Service URLs are stored in variables like REDIS_URL, CELERY_BROKER_URL, or SENTRY_DSN.

Concrete Example

A KERN-IT project uses environment variables to manage its Django configuration. The settings/base.py file contains lines like SECRET_KEY = os.environ.get("SECRET_KEY") and DEBUG = os.environ.get("DEBUG", "False") == "True". In development, a .env file contains local values. In production, variables are configured in the Supervisor process manager.

When a new developer joins the project, they receive a .env.example file (versioned, with placeholder values) that they copy to .env and fill with their own test API keys. The project works immediately without any secret transiting through Git or email.

Best Practices

1. Never version the .env file: add .env to .gitignore from the moment the repository is created. This is the most important security rule.
2. Provide a .env.example: version a .env.example file with all required variables but placeholder values, serving as documentation and a template for new developers.
3. Validate variables at startup: verify that all required variables are defined at application launch and fail fast with a clear message if a variable is missing.
4. Use explicit names: prefer SMTP_HOST over HOST and POSTGRES_PASSWORD over PW. Clear names facilitate maintenance.
5. Separate environments: never reuse the same API keys or passwords between development, staging, and production.

Conclusion

Environment variables are a pillar of modern software configuration. They ensure secret security, code portability between environments, and configuration flexibility without code modification. It is a simple but fundamental practice that every developer must master to build professional, secure, and easily deployable applications.