Configuration¶
This page explains environment configuration, the .env file, required variables, and the rationale behind keeping secrets stable.
How configuration is loaded¶
python-dotenvloads variables from.envat startup (seeload_dotenv()inoc_lettings_site/settings.py)System environment variables take precedence over the
.envfile
Required environment variables¶
ENV_MODE- Values:dev(default),prod- Controls:DEBUGflag andALLOWED_HOSTSDJANGO_SECRET_KEY- Required in production - Used to sign sessions, CSRF tokens, and other cryptographic features - Keep it strong and stable across deployments to avoid invalidating sessions and tokensSENTRY_DSN(optional) - Enables Sentry error reporting
Using a .env file¶
Create a
.envat the project root based on.env.exampleDo not commit your
.envfile—store secrets securely
Example .env:
ENV_MODE=dev
DJANGO_SECRET_KEY=your_super_strong_secret_key
SENTRY_DSN=
Generating secrets¶
See Orange County Lettings - Clinkey for web UI and CLI
Example:
pip install clinkey-cli DJANGO_SECRET_KEY=$(clinkey -t super_strong -l 64 -s - --lower)
Secret key stability and data access¶
DJANGO_SECRET_KEYdoes not control direct database accessChanging it invalidates signed data (sessions, password reset tokens, some caches)
For production, plan rotations to minimize user impact (e.g., scheduled maintenance)
Deployment notes¶
On Docker: set variables via
-eor a compose fileOn Render: set variables in the service dashboard
In CI: store secrets in GitHub Actions secrets (never in code)
Orange County Lettings