Production Settings & Environment Variables
Production settings differ significantly from development — DEBUG off, different database, secure cookies, HTTPS. Use environment variables and separate settings files to manage configurations safely across environments.
15 min • By Priygop Team • Updated 2026
Settings Management
- Never use development settings in production
- Split settings: base.py, dev.py, prod.py
- Or use environment variables with python-decouple
- DEBUG = False in production (always!)
- ALLOWED_HOSTS — Whitelist production domains
- Use .env file for secrets, never commit to Git
- 12-factor app principles for configuration
Production Settings
# Option 1: python-decouple (recommended)
# pip install python-decouple
# .env file (NEVER commit to Git!)
# DEBUG=False
# SECRET_KEY=your-long-random-secret-key
# DATABASE_URL=postgres://user:pass@host:5432/dbname
# ALLOWED_HOSTS=yourdomain.com,www.yourdomain.com
# EMAIL_HOST_PASSWORD=smtp-password
# settings.py
# from decouple import config, Csv
# DEBUG = config('DEBUG', default=False, cast=bool)
# SECRET_KEY = config('SECRET_KEY')
# ALLOWED_HOSTS = config('ALLOWED_HOSTS', cast=Csv())
# import dj_database_url
# DATABASES = {
#     'default': dj_database_url.config(
#         default=config('DATABASE_URL')
#     )
# }
# Option 2: Split settings files
# settings/
#     __init__.py
#     base.py   # Shared settings
#     dev.py    # from .base import *; DEBUG = True
#     prod.py   # from .base import *; DEBUG = False
# Run with specific settings:
# python manage.py runserver --settings=mysite.settings.dev
# DJANGO_SETTINGS_MODULE=mysite.settings.prod gunicorn mysite.wsgi
# .gitignore — ALWAYS exclude:
# .env
# db.sqlite3
# staticfiles/
# media/
# __pycache__/
Tip
Split settings into base.py, development.py, production.py. Import from base and override only what changes.
Common Mistake
Warning
Using the same settings for dev and production. DEBUG=True, weak SECRET_KEY, and SQLite don't belong in production.
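The mistakes named above can be caught before a deploy. The following is an added example, not code from the original page: it parses a .env file that uses the page's variable names and reports development-grade values. The helper names, the placeholder markers and the sample inputs are assumptions constructed for illustration.

```python
# Added example: audit .env values before a production deploy.
# Helper names and WEAK_KEY_MARKERS are assumptions; the 50-char / 5-unique floor
# follows the SECRET_KEY warning issued by Django's `manage.py check --deploy`.
WEAK_KEY_MARKERS = ("your-", "changeme", "secret", "django-insecure")
TRUE_WORDS, FALSE_WORDS = {"1", "true", "yes", "on"}, {"0", "false", "no", "off"}

def parse_env(text):
    """Parse KEY=VALUE lines; skip blanks and comments, strip optional quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip().strip("'\"")
    return env

def audit_production_env(env):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    debug = env.get("DEBUG", "").lower()
    if debug in TRUE_WORDS:
        findings.append("DEBUG is enabled")
    elif debug not in FALSE_WORDS:
        # bool("False") is True in Python, so an unparsed string must fail closed.
        findings.append("DEBUG is missing or not a recognised boolean")
    key = env.get("SECRET_KEY", "")
    if len(key) < 50 or len(set(key)) < 5 or any(m in key.lower() for m in WEAK_KEY_MARKERS):
        findings.append("SECRET_KEY is missing, short, or a placeholder")
    hosts = [h.strip() for h in env.get("ALLOWED_HOSTS", "").split(",") if h.strip()]
    if not hosts or "*" in hosts:
        findings.append("ALLOWED_HOSTS is empty or contains a wildcard")
    db = env.get("DATABASE_URL", "")
    if not db or db.lower().startswith("sqlite"):
        findings.append("DATABASE_URL is unset or points at SQLite")
    return findings

# Constructed sample inputs (not real credentials).
DEV_ENV = """DEBUG=True
SECRET_KEY=your-long-random-secret-key
DATABASE_URL=sqlite:///db.sqlite3
ALLOWED_HOSTS=*
"""
PROD_ENV = """DEBUG=False
SECRET_KEY=Xq7mP2vL9tRw4ZbN8cKd3HsY6jFg1TuA5eVo0WiQnMzBxCrDyElGhJk2
DATABASE_URL=postgres://user:pass@host:5432/dbname
ALLOWED_HOSTS=yourdomain.com,www.yourdomain.com
"""
if __name__ == "__main__":
    for name, text in (("dev", DEV_ENV), ("prod", PROD_ENV)):
        print(name, audit_production_env(parse_env(text)))
```

Run as a CI step against the environment the production process will actually load, and fail the build when the returned list is not empty.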
Practice Task
Note
(1) Create base.py, dev.py, prod.py settings. (2) Use environment variables for secrets. (3) Test both configs.
Key Takeaways
- Production settings differ significantly from development — DEBUG off, different database, secure cookies, HTTPS.
- Never use development settings in production
- Split settings: base.py, dev.py, prod.py
- Or use environment variables with python-decouple