[Reference](https://python.plainenglish.io/managing-configuration-and-secrets-in-fastapi-and-python-apps-best-practices-for-security-and-7027076f8179)

# 1. Environment Variables

```
# .env file (never commit to git!)
DATABASE_URL=postgresql://user:password@db:5432/mydb
SECRET_KEY=mysecretkeyhere
```

In [2]:
# Install dotenv
!pip install python-dotenv



In [3]:
from dotenv import load_dotenv
load_dotenv()  # Loads values from .env file into ENV

import os
db_url = os.getenv("DATABASE_URL")

# 2. Pydantic Settings Management

In [4]:
from pydantic import BaseSettings

class Settings(BaseSettings):
    database_url: str
    secret_key: str

    class Config:
        env_file = ".env"  # Automate variable loading

settings = Settings()
print(settings.database_url)

# 3. Secret Managers (Cloud or External Services)

When moving to production, consider specialized secret vaults:
HashiCorp Vault
AWS Secrets Manager
Azure Key Vault
Google Secret Manager
Doppler

# 4. Docker and Kubernetes Integration

```
# Docker
services:
  fastapi:
    build: .
    environment:
      - DATABASE_URL
      - SECRET_KEY
    env_file:
      - .env
```

```
# Kubernetes

apiVersion: v1
kind: Secret
meta
  name: fastapi-secrets

  secret_key: <base64-encoded>
```

In [5]:
from fastapi import FastAPI

from pydantic import BaseSettings

class Settings(BaseSettings):
    database_url: str
    secret_key: str

    class Config:
        env_file = ".env"

settings = Settings()  # Loaded securely

app = FastAPI()

@app.get("/healthz")
def health():
    return {"status": "ok"}

# Use settings.database_url for DB connections