[For beginners] Read DB authentication information from environment variables

Introduction

This is my first post. It's the end of the year, and when I thought about what I had left undone this year, [posting to Qiita] came to mind, so I am writing this as my own memo and as output. This time I will write up what I learned while developing web applications with the Python framework Django, but the idea is the same for other languages and frameworks, so please try it. Specifically, I will write about how to improve the confidentiality of authentication information by setting its values in environment variables instead of writing it directly in the source code.

What are the benefits of reading authentication information from environment variables?

- [x] Authentication information is not leaked to the outside when the source code is uploaded to GitHub etc.
- [x] Authentication information can be set for each environment, so the code can be executed without changing the source code.

Hard-coded authentication information → Because the authentication information is embedded in the code, it may be disclosed as-is when the code is shared with others. There is also a case where an AWS instance was hijacked and a large bill was received: "A story about a beginner who made a mistake on AWS and was abused and charged $6,000, almost crying."

Therefore, the main purpose of this article is to **maintain security** by reading authentication information from OS environment variables instead of hard-coding it in the source code!

Procedure

- Set environment variables
- Read environment variables for credentials

Set environment variables

There are two ways to set them:

- Register from the [Edit system environment variables] screen
- Register by command input from Terminal

This time, I will introduce the second method, setting from Terminal. Use the **SETX** command to set environment variables that persist and can be used from Terminal. Hold down Ctrl + Shift and run the command prompt in administrator mode.

terminal


REM User environment variable
SETX VARIABLE_NAME value
REM System environment variable
SETX /M VARIABLE_NAME value

**Please note that you cannot read the newly set environment variable until you close the IDE once after setting it!** ← I got stuck on this.

Read credentials from environment variables

You can get the same value with either of the following notations. When the environment variable does not exist, the former returns the default value "None" and the latter raises an error.

test.py


import os
os.environ.get('Environment variable name')  # Get the value of the variable; returns None if it is not set
os.environ['Environment variable name']      # Get the value of the variable; raises KeyError if it is not set
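
The difference between the two notations matters for credentials. The following is an added example, not code from the original post: a loader that stops at startup and names every missing variable instead of handing None to the database settings. The DB_* names are the ones used in the settings further down this page; `load_db_settings` and `MissingEnvError` are hypothetical names, and the assumption is that the user name and password are mandatory while host and port may stay empty as in the hard-coded version.

```python
import os

# Assumption: user name and password are mandatory, host and port are optional.
REQUIRED = ("DB_USERNAME", "DB_PASSWORD")


class MissingEnvError(RuntimeError):
    """Raised when the database environment variables are unusable."""


def load_db_settings(environ=None):
    """Build the DATABASES['default'] dict, failing fast on bad input.

    Error messages contain variable names only, never values, so a
    startup traceback cannot copy the password into a log file.
    """
    env = os.environ if environ is None else environ
    # .get() returns None for an unset name; an empty string is treated the same.
    missing = [name for name in REQUIRED if not (env.get(name) or "").strip()]
    if missing:
        raise MissingEnvError("unset environment variables: " + ", ".join(missing))
    port = (env.get("DB_PORT") or "").strip()
    if port and not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        raise MissingEnvError("DB_PORT is not a valid TCP port")
    return {
        "ENGINE": "django.db.backends.mysql",
        "NAME": "sample",
        "USER": env["DB_USERNAME"],
        "PASSWORD": env["DB_PASSWORD"],
        "HOST": env.get("DB_HOST") or "",
        "PORT": port,
    }


if __name__ == "__main__":
    # Constructed sample environment, not real credentials.
    sample = {"DB_USERNAME": "app", "DB_PASSWORD": "example-only",
              "DB_HOST": "127.0.0.1", "DB_PORT": "3306"}
    print(sorted(load_db_settings(sample)))
    try:
        load_db_settings({"DB_HOST": "127.0.0.1"})
    except MissingEnvError as exc:
        print(exc)
```
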

This is the case where the authentication information is hard-coded:

setting.py


DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'sample',  # Created database name
        'USER': 'root',  # Login user name
        'PASSWORD': 'root',  # Login password
        'HOST': '',
        'PORT': '', 
    }
}

By rewriting the source code above to read from environment variables as shown below, I hide my credentials.

setting.py


import os

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'sample',  # Created database name
        'USER': os.environ.get('DB_USERNAME'),  # Login user name
        'PASSWORD': os.environ.get('DB_PASSWORD'),  # Login password
        'HOST': os.environ.get('DB_HOST'),
        'PORT': os.environ.get('DB_PORT'),
    }
}
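
To confirm before uploading to GitHub that the rewrite left no literal credentials behind, the settings file can be checked mechanically. This is an added example, not code from the original post: it parses the file with Python's `ast` module and reports any `USER` or `PASSWORD` entry in `DATABASES` that is a string literal, including a literal used as a fallback default. The function names are hypothetical and the two sample sources are constructed from the two versions shown on this page.

```python
import ast

SENSITIVE_KEYS = {"USER", "PASSWORD"}

# Constructed samples mirroring the hard-coded and rewritten settings above.
HARDCODED = """DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'sample',
        'USER': 'root',
        'PASSWORD': 'root',
    }
}
"""
FROM_ENV = """import os
DATABASES = {
    'default': {
        'USER': os.environ.get('DB_USERNAME'),
        'PASSWORD': os.environ.get('DB_PASSWORD'),
    }
}
"""


def _is_secret_literal(node):
    """True for a non-empty string literal, or a call whose fallback is one."""
    if isinstance(node, ast.Constant):
        return isinstance(node.value, str) and bool(node.value)
    if isinstance(node, ast.Call) and len(node.args) >= 2:
        return _is_secret_literal(node.args[1])
    return False


def find_hardcoded_credentials(source):
    """Return sorted (line, key) pairs for literal USER/PASSWORD in DATABASES."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Assign):
            continue
        if not any(isinstance(t, ast.Name) and t.id == "DATABASES" for t in node.targets):
            continue
        for sub in ast.walk(node.value):
            if isinstance(sub, ast.Dict):
                for key, value in zip(sub.keys, sub.values):
                    if (isinstance(key, ast.Constant) and key.value in SENSITIVE_KEYS
                            and _is_secret_literal(value)):
                        findings.append((value.lineno, key.value))
    return sorted(findings)
```

The check covers only the `DATABASES` dictionary; it does not replace a general secret scanner run over the whole repository and its history.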

In conclusion

Since this is my first post and my knowledge is shallow, I would appreciate it if you could let me know about any mistakes in what I have written. Thank you for reading to the end.
