How to set environment variables in a Google Cloud VM (Ubuntu) for Django project without exposing sensitive information?

I am using a virtual machine on Google Cloud with Ubuntu as the operating system, and I have deployed a Django backend on it. In my settings.py, I use environment variables like this:

EMAIL_HOST_USER = env('EMAIL_HOST_USER')
EMAIL_HOST_PASSWORD = env('EMAIL_HOST_PASSWORD')

I would like to know how to properly set environment variables on the VM so that my Django application can access them. Specifically:

1. How do I create environment variables on the VM (Ubuntu)?
2. How can I ensure that sensitive data (like EMAIL_HOST_PASSWORD) is not exposed in plain text, but still accessible by my Django app?

Any best practices for securely managing these environment variables in a Google Cloud VM would be appreciated. Thanks!

If you have secrets, keep them secret! You can use Secret Manager for this. And then, read your secret at runtime instead of putting it in plain text in your VM configuration.

You have different option for this:

• Use a startup script to read the secret at VM startup and put it in env var (in memory) of the VM
• Do the same but when your Django app start
• Read the secret only at usage time, in your Django app