Python Configuration

1---2name: python-configuration3description: Python configuration management via environment variables and typed settings. Use when externalizing config, setting up pydantic-settings, managing secrets, or implementing environment-specific behavior.4---5 6# Python Configuration Management7 8Externalize configuration from code using environment variables and typed settings. Well-managed configuration enables the same code to run in any environment without modification.9 10## When to Use This Skill11 12- Setting up a new project's configuration system13- Migrating from hardcoded values to environment variables14- Implementing pydantic-settings for typed configuration15- Managing secrets and sensitive values16- Creating environment-specific settings (dev/staging/prod)17- Validating configuration at application startup18 19## Core Concepts20 21### 1. Externalized Configuration22 23All environment-specific values (URLs, secrets, feature flags) come from environment variables, not code.24 25### 2. Typed Settings26 27Parse and validate configuration into typed objects at startup, not scattered throughout code.28 29### 3. Fail Fast30 31Validate all required configuration at application boot. Missing config should crash immediately with a clear message.32 33### 4. Sensible Defaults34 35Provide reasonable defaults for local development while requiring explicit values for sensitive settings.36 37## Quick Start38 39```python40from pydantic_settings import BaseSettings41from pydantic import Field42 43class Settings(BaseSettings):44    database_url: str = Field(alias="DATABASE_URL")45    api_key: str = Field(alias="API_KEY")46    debug: bool = Field(default=False, alias="DEBUG")47 48settings = Settings()  # Loads from environment49```50 51## Fundamental Patterns52 53### Pattern 1: Typed Settings with Pydantic54 55Create a central settings class that loads and validates all configuration.56 57```python58from pydantic_settings import BaseSettings59from pydantic import Field, PostgresDsn, ValidationError60import sys61 62class Settings(BaseSettings):63    """Application configuration loaded from environment variables."""64 65    # Database66    db_host: str = Field(alias="DB_HOST")67    db_port: int = Field(default=5432, alias="DB_PORT")68    db_name: str = Field(alias="DB_NAME")69    db_user: str = Field(alias="DB_USER")70    db_password: str = Field(alias="DB_PASSWORD")71 72    # Redis73    redis_url: str = Field(default="redis://localhost:6379", alias="REDIS_URL")74 75    # API Keys76    api_secret_key: str = Field(alias="API_SECRET_KEY")77 78    # Feature flags79    enable_new_feature: bool = Field(default=False, alias="ENABLE_NEW_FEATURE")80 81    model_config = {82        "env_file": ".env",83        "env_file_encoding": "utf-8",84    }85 86# Create singleton instance at module load87try:88    settings = Settings()89except ValidationError as e:90    print(f"Configuration error:\n{e}")91    sys.exit(1)92```93 94Import `settings` throughout your application:95 96```python97from myapp.config import settings98 99def get_database_connection():100    return connect(101        host=settings.db_host,102        port=settings.db_port,103        database=settings.db_name,104    )105```106 107### Pattern 2: Fail Fast on Missing Configuration108 109Required settings should crash the application immediately with a clear error.110 111```python112from pydantic_settings import BaseSettings113from pydantic import Field, ValidationError114import sys115 116class Settings(BaseSettings):117    # Required - no default means it must be set118    api_key: str = Field(alias="API_KEY")119    database_url: str = Field(alias="DATABASE_URL")120 121    # Optional with defaults122    log_level: str = Field(default="INFO", alias="LOG_LEVEL")123 124try:125    settings = Settings()126except ValidationError as e:127    print("=" * 60)128    print("CONFIGURATION ERROR")129    print("=" * 60)130    for error in e.errors():131        field = error["loc"][0]132        print(f"  - {field}: {error['msg']}")133    print("\nPlease set the required environment variables.")134    sys.exit(1)135```136 137A clear error at startup is better than a cryptic `None` failure mid-request.138 139### Pattern 3: Local Development Defaults140 141Provide sensible defaults for local development while requiring explicit values for secrets.142 143```python144class Settings(BaseSettings):145    # Has local default, but prod will override146    db_host: str = Field(default="localhost", alias="DB_HOST")147    db_port: int = Field(default=5432, alias="DB_PORT")148 149    # Always required - no default for secrets150    db_password: str = Field(alias="DB_PASSWORD")151    api_secret_key: str = Field(alias="API_SECRET_KEY")152 153    # Development convenience154    debug: bool = Field(default=False, alias="DEBUG")155 156    model_config = {"env_file": ".env"}157```158 159Create a `.env` file for local development (never commit this):160 161```bash162# .env (add to .gitignore)163DB_PASSWORD=local_dev_password164API_SECRET_KEY=dev-secret-key165DEBUG=true166```167 168### Pattern 4: Namespaced Environment Variables169 170Prefix related variables for clarity and easy debugging.171 172```bash173# Database configuration174DB_HOST=localhost175DB_PORT=5432176DB_NAME=myapp177DB_USER=admin178DB_PASSWORD=secret179 180# Redis configuration181REDIS_URL=redis://localhost:6379182REDIS_MAX_CONNECTIONS=10183 184# Authentication185AUTH_SECRET_KEY=your-secret-key186AUTH_TOKEN_EXPIRY_SECONDS=3600187AUTH_ALGORITHM=HS256188 189# Feature flags190FEATURE_NEW_CHECKOUT=true191FEATURE_BETA_UI=false192```193 194Makes `env | grep DB_` useful for debugging.195 196## Advanced Patterns197 198### Pattern 5: Type Coercion199 200Pydantic handles common conversions automatically.201 202```python203from pydantic_settings import BaseSettings204from pydantic import Field, field_validator205 206class Settings(BaseSettings):207    # Automatically converts "true", "1", "yes" to True208    debug: bool = False209 210    # Automatically converts string to int211    max_connections: int = 100212 213    # Parse comma-separated string to list214    allowed_hosts: list[str] = Field(default_factory=list)215 216    @field_validator("allowed_hosts", mode="before")217    @classmethod218    def parse_allowed_hosts(cls, v: str | list[str]) -> list[str]:219        if isinstance(v, str):220            return [host.strip() for host in v.split(",") if host.strip()]221        return v222```223 224Usage:225 226```bash227ALLOWED_HOSTS=example.com,api.example.com,localhost228MAX_CONNECTIONS=50229DEBUG=true230```231 232### Pattern 6: Environment-Specific Configuration233 234Use an environment enum to switch behavior.235 236```python237from enum import Enum238from pydantic_settings import BaseSettings239from pydantic import Field, computed_field240 241class Environment(str, Enum):242    LOCAL = "local"243    STAGING = "staging"244    PRODUCTION = "production"245 246class Settings(BaseSettings):247    environment: Environment = Field(248        default=Environment.LOCAL,249        alias="ENVIRONMENT",250    )251 252    # Settings that vary by environment253    log_level: str = Field(default="DEBUG", alias="LOG_LEVEL")254 255    @computed_field256    @property257    def is_production(self) -> bool:258        return self.environment == Environment.PRODUCTION259 260    @computed_field261    @property262    def is_local(self) -> bool:263        return self.environment == Environment.LOCAL264 265# Usage266if settings.is_production:267    configure_production_logging()268else:269    configure_debug_logging()270```271 272### Pattern 7: Nested Configuration Groups273 274Organize related settings into nested models.275 276```python277from pydantic import BaseModel278from pydantic_settings import BaseSettings279 280class DatabaseSettings(BaseModel):281    host: str = "localhost"282    port: int = 5432283    name: str284    user: str285    password: str286 287class RedisSettings(BaseModel):288    url: str = "redis://localhost:6379"289    max_connections: int = 10290 291class Settings(BaseSettings):292    database: DatabaseSettings293    redis: RedisSettings294    debug: bool = False295 296    model_config = {297        "env_nested_delimiter": "__",298        "env_file": ".env",299    }300```301 302Environment variables use double underscore for nesting:303 304```bash305DATABASE__HOST=db.example.com306DATABASE__PORT=5432307DATABASE__NAME=myapp308DATABASE__USER=admin309DATABASE__PASSWORD=secret310REDIS__URL=redis://redis.example.com:6379311```312 313### Pattern 8: Secrets from Files314 315For container environments, read secrets from mounted files.316 317```python318from pydantic_settings import BaseSettings319from pydantic import Field320from pathlib import Path321 322class Settings(BaseSettings):323    # Read from environment variable or file324    db_password: str = Field(alias="DB_PASSWORD")325 326    model_config = {327        "secrets_dir": "/run/secrets",  # Docker secrets location328    }329```330 331Pydantic will look for `/run/secrets/db_password` if the env var isn't set.332 333### Pattern 9: Configuration Validation334 335Add custom validation for complex requirements.336 337```python338from pydantic_settings import BaseSettings339from pydantic import Field, model_validator340 341class Settings(BaseSettings):342    db_host: str = Field(alias="DB_HOST")343    db_port: int = Field(alias="DB_PORT")344    read_replica_host: str | None = Field(default=None, alias="READ_REPLICA_HOST")345    read_replica_port: int = Field(default=5432, alias="READ_REPLICA_PORT")346 347    @model_validator(mode="after")348    def validate_replica_settings(self):349        if self.read_replica_host and self.read_replica_port == self.db_port:350            if self.read_replica_host == self.db_host:351                raise ValueError(352                    "Read replica cannot be the same as primary database"353                )354        return self355```356 357## Best Practices Summary358 3591. **Never hardcode config** - All environment-specific values from env vars3602. **Use typed settings** - Pydantic-settings with validation3613. **Fail fast** - Crash on missing required config at startup3624. **Provide dev defaults** - Make local development easy3635. **Never commit secrets** - Use `.env` files (gitignored) or secret managers3646. **Namespace variables** - `DB_HOST`, `REDIS_URL` for clarity3657. **Import settings singleton** - Don't call `os.getenv()` throughout code3668. **Document all variables** - README should list required env vars3679. **Validate early** - Check config correctness at boot time36810. **Use secrets_dir** - Support mounted secrets in containers