Environment variables
Environment variables are dynamic values stored outside your application code, typically used to configure sensitive or environment-specific information such as API keys, database credentials, and secret tokens. They help separate configuration from the codebase, promoting security, scalability, and flexibility—especially when deploying across different environments like development, staging, and production.
Instead of hardcoding sensitive information directly into the source code, environment variables allow you to define them in external files (like .env) or directly within the server’s environment. For example, instead of placing an API key in your script, you can store it in a .env file as OPENAI_API_KEY=your_key_here and use os.getenv("OPENAI_API_KEY") in Python to access it.
This approach keeps secrets hidden from version control and makes it easier to update configuration values without modifying the code. Libraries like python-dotenv can be used to load these variables from a .env file at runtime.
Why env variables important
Environment variables are important because they secure, simplify, and separate application configuration from code. Here’s why they matter:
Security: They keep sensitive data like API keys, passwords, and tokens out of your code. This prevents accidental leaks if your code is shared or published (e.g., on GitHub).
Environment Flexibility: You can run the same code in different environments (development, staging, production) by just changing the environment variables—no need to touch the code.
Ease of Deployment: Environment variables allow easy updates to config values without redeploying or modifying the application code.
Version Control Safety: Since
.envfiles are typically listed in.gitignore, secrets don’t end up in your Git repository.Cleaner Codebase: Instead of hardcoding values, you use
os.getenv()or similar, making your code more reusable and maintainable.Scalability: In large applications or microservices, managing settings through environment variables ensures consistency and control across services.
In short, they are a best practice for secure, maintainable, and portable application development.
setting up environment variables
Environment variables are a great way to configure your Python applications without hardcoding sensitive information. Here are several methods to set them up:
First thing, we need to do is create an environment variable and the way we can create our keys that not have to save this in public for everyone to be able to see your API key. Need to create a secret file called a dot env file.
Now this environmental file is always called dot env and now inside our .env file we create that key value pair where our keys are the secret key. Our value is going to be whatever our key is. Now on your local environment.
Loading variables from secret .env
To implement environmental variables, we need to install dot environment in python:
(fastapienv) PS C:\Users\zakir\chatgpt\2025\RaiyanBot_Helpdesk_demo_v1> pip install python-dotenv
If we deploy our application or we move it to git, if someone ever gets our code off the internet, our API key will be taken as well and we want to add a variable here that gets populated from the server, not from the code. So if our application is running on our machine, we can grab this key from somewhere on our machine.
Or if it’s deployed to the server, we have our environmental variable on the server, not
necessarily in the code.
What we need to do here is after we do a pip install for our dot env. We now can import OS, which means our operating system, and then we can import from dot env import load dot env. Now, the very first
thing we need to do is run this function load dot env.
from openai import Openai
import os
from dotenv import load_dotenv
load_dotenv()
client = OpenAI(api_key=os.getenv(“OPENAI_SECRET_KEY”
store_id = os.getenv(“VECTOR_STORAGE_ID”)
assistant_id = os.getenv(“OPENAI_ASSISTANT_ID”)
This will populate everything we have in a secret file called a dot env file. We will not put this file anywhere else other than your local code as well as we will not be moving the dot env file with it. It is essential to create a new spot within the server of whatever is deploying our application to store this value. So when we deploy our application, we will physically set this key value pair on the server. This means your code will not have a record of this key value pair other than whatever it retrieves.