Why we use .env file for secret key in django? Is it also required if

Question

Hi, Why we use .env file for secret key in django? Is it also required if we use it on our own server and using apache to host with django. I want to know what is special with this .env or .ini file. What it provides that makes a django site more secured?

Rajanikant Hawaldar · Answer

I'm using .env file to keep all third party seceret key. Because at the end of the day we push our code to any public or private repository. In case when we use .env file then we can ignore or restrict that file. Now when we deploy that code to any server then we can simply copy that file on server and we can use that without any update doing in code.

Sachin Singh · Answer

a .env file is an easy way to load custom configuration variables that your application needs without having to modify .htaccess files or Apache/nginx virtual hosts. This means you won't have to edit any files outside the project, and all the environment variables are always set no matter how you run your project - Apache, Nginx, CLI, and even PHP 5.4's built-in webserver. It's WAY easier than all the other ways you know of to set environment variables, You should never store sensitive credentials in your code. Storing configuration in the environment is one of the tenets of a twelve-factor app. Anything that is likely to change between deployment environments – such as database credentials or credentials for 3rd party services – should be extracted from the code into environment variables. there is no such difference between the two yet prefer env.