module-level-env-reads-bypass-runtime-env-in-python
Reading env vars at module import time (e.g., SECRET = os.getenv('KEY', 'dev-default') at top-level) captures the value at import, not at call time. In Docker, this means dev fallbacks persist even when the env var is correctly set if the module is imported before env injection completes or during test collection. Refactor to lazy accessor functions (_get_secret()) that read at call time and refuse dev values in production.
Related
- module-level-env-reads-with-dev-fallback-bypass-runtime-conf
- env-var-naming-drift-causes-silent-prod-boot-with-dev-defaul
- docker
- rdash-env-var-naming-drift-breaks-prod-boot
- pydantic-prod-safety-validator-rejects-dev-defaults-at-boot
- pydantic-model-validator-prod-safety-gate-pattern
- python-module-level-env-read-bypasses-prod-safety
- cube-client-module-level-secret-read-breaks-prod
- cube-client-module-level-import-dev-fallback-dangerous