Apache will not take in credentials


I am using Django with Apache. I can use an env file just fine - however, when I use Doppler, it’s not picking up any environment variables, even though I have scopes everywhere. I am not sure how to debug that it is currently being used, but this works fine locally, it just doesn’t work on my server. Are there any special things to be aware of when using it with Apache? I tried SetEnv DOPPLER_ENV 1, and pip install doppler-env and while the application works when running from python3 manage.py runserver, it doesn’t work from apache’s mod_wsgi.

Hi @Jonathan_Ma and welcome to the Doppler community!

I’ll need to look into the best way of using Doppler with mod_wsgi specifically, but for now (presuming you’re using Docker), you can take a look at a Dockerfile that inherits from the PHP Apache image that uses a custom entrypoint script to generate a conf file with a SetEnv declarations for every secret. The conf file is saved to a location in the Docker container that Apache will automatically load conf files from on startup.

Depending upon your level of experience with Apache and Docker, that may get you going but in any case, I’ll put a specific mod_wsgi example together.

Also, what Python framework are you using?

So I am using Django - it works fine when I use an env file, because django-environ is able to read it in. But it doesn’t seem to work for RAM set values.

It’s not really hassle to use .env files, and I’m thinking it’s no more insecure than to use a written generated conf file for apache, or is it? Because I would also be storing the secrets on the filesystem. If this is the case, I’ll just use the Doppler generated env file, I have a script that automatically downloads it and writes the env file.

Hi @Jonathan_Ma,

Using the Doppler CLI to run the application server (e.g uWSGI or gunicorn) is the easiest and most secure way to pass secrets to your application as they never touch the file system.

Then during development, the Doppler CLI is also used to run the Django dev server.

What application server are you using? And are you deploying inside a Docker container?

Hi @Jonathan_Ma,

I’ve just written a blog post about using Doppler to set environment variables for Apache with mod_wsgi.

While you’re correct in that this approach still requires writing the secrets to a file, it would at least enable you to remove the django-environ package altogether.

Then for local development, you could use the Doppler CLI to run Django’s development server:

doppler run -- python manage.py runserver

This is awesome Ryan, thank you so much for the article and the follow-up!

1 Like