Standardize Python samples to use python-dotenv for environment variables

dlevy-msft-sql · dlevy-msft-sql · commit bf6347028843 · 2026-02-03T10:11:33.000-06:00
diff --git a/azure-sql/database/azure-sql-passwordless-migration-python.md b/azure-sql/database/azure-sql-passwordless-migration-python.md
@@ -48,10 +48,13 @@ Create a user in Azure SQL Database. The user should correspond to the Azure acc
 Migrating to passwordless connections with [mssql-python](/sql/connect/python/mssql-python/python-sql-driver-mssql-python) requires only a connection string change. The driver has built-in support for Microsoft Entra authentication modes, eliminating the need for manual token handling.
 
 ```python
-import os
+from os import getenv
+from dotenv import load_dotenv
 from mssql_python import connect
 
-connection_string = os.environ["AZURE_SQL_CONNECTIONSTRING"]
+load_dotenv()
+
+connection_string = getenv("AZURE_SQL_CONNECTIONSTRING")
 
 def get_all():
     with connect(connection_string) as conn:
@@ -61,10 +64,10 @@ def get_all():
     return
 ```
 
-To update the referenced connection string (`AZURE_SQL_CONNECTIONSTRING`) for local development, use the passwordless connection string format with `ActiveDirectoryDefault` authentication:
+To update the referenced connection string (`AZURE_SQL_CONNECTIONSTRING`) for local development, create a `.env` file in your project folder with the passwordless connection string format using `ActiveDirectoryDefault` authentication:
 
 ```text
-Server=tcp:<database-server-name>.database.windows.net,1433;Database=<database-name>;Encrypt=yes;TrustServerCertificate=no;Connection Timeout=30;Authentication=ActiveDirectoryDefault
+AZURE_SQL_CONNECTIONSTRING=Server=tcp:<database-server-name>.database.windows.net,1433;Database=<database-name>;Encrypt=yes;TrustServerCertificate=no;Connection Timeout=30;Authentication=ActiveDirectoryDefault
 ```
 
 `ActiveDirectoryDefault` automatically discovers credentials from multiple sources (Azure CLI, environment variables, Visual Studio, etc.) without requiring interactive login. This is convenient for development but adds latency as it tries each credential source in sequence.
diff --git a/azure-sql/database/azure-sql-python-quickstart.md b/azure-sql/database/azure-sql-python-quickstart.md
@@ -78,6 +78,7 @@ For details and specific instructions for installing the `mssql-python` driver,
     fastapi
     uvicorn[standard]
     pydantic
+    python-dotenv
     ```
 
 1. Install the requirements.
@@ -88,16 +89,20 @@ For details and specific instructions for installing the `mssql-python` driver,
 
 ## Configure the local connection string
 
-For local development and connecting to Azure SQL Database, add the following `AZURE_SQL_CONNECTIONSTRING` environment variable. Replace the `<database-server-name>` and `<database-name>` placeholders with your own values. Example environment variables are shown for the Bash shell.
+For local development, create a `.env` file in your project folder to store your connection string. This keeps credentials out of your code and source control.
+
+1. In the project folder, create a new file named `.env`.
+
+1. Add the `AZURE_SQL_CONNECTIONSTRING` variable with your connection string. Replace the `<database-server-name>` and `<database-name>` placeholders with your own values.
 
 The mssql-python driver has built-in support for Microsoft Entra authentication. Use the `Authentication` parameter to specify the authentication method.
 
 ## [DefaultAzureCredential](#tab/sql-default)
 
 `ActiveDirectoryDefault` automatically discovers credentials from multiple sources (Azure CLI, environment variables, Visual Studio, etc.) without requiring interactive login. This is convenient for local development but is slower due to credential discovery.
 
-```Bash
-export AZURE_SQL_CONNECTIONSTRING='Server=<database-server-name>.database.windows.net;Database=<database-name>;Authentication=ActiveDirectoryDefault;Encrypt=yes;TrustServerCertificate=no;'
+```text
+AZURE_SQL_CONNECTIONSTRING=Server=<database-server-name>.database.windows.net;Database=<database-name>;Authentication=ActiveDirectoryDefault;Encrypt=yes;TrustServerCertificate=no;
 ```
 
 > [!IMPORTANT]
@@ -110,20 +115,20 @@ export AZURE_SQL_CONNECTIONSTRING='Server=<database-server-name>.database.window
 
 In Windows, Microsoft Entra Interactive Authentication can use Microsoft Entra multifactor authentication technology to set up connection. In this mode, an Azure Authentication dialog is triggered and allows the user to input credentials to complete the connection.
 
-```Bash
-export AZURE_SQL_CONNECTIONSTRING='Server=<database-server-name>.database.windows.net;Database=<database-name>;Authentication=ActiveDirectoryInteractive;Encrypt=yes;TrustServerCertificate=no;'
+```text
+AZURE_SQL_CONNECTIONSTRING=Server=<database-server-name>.database.windows.net;Database=<database-name>;Authentication=ActiveDirectoryInteractive;Encrypt=yes;TrustServerCertificate=no;
 ```
 
 ## [SQL Authentication](#tab/sql-auth)
 
 You can directly authenticate to a SQL Server instance using a username and password.
 
-```Bash
-export AZURE_SQL_CONNECTIONSTRING='Server=<database-server-name>.database.windows.net;Database=<database-name>;UID=<user-name>;PWD=<user-password>;Encrypt=yes;TrustServerCertificate=no;'
+```text
+AZURE_SQL_CONNECTIONSTRING=Server=<database-server-name>.database.windows.net;Database=<database-name>;UID=<user-name>;PWD=<user-password>;Encrypt=yes;TrustServerCertificate=no;
 ```
 
 > [!WARNING]
-> Use caution when managing connection strings that contain secrets such as usernames, passwords, or access keys. These secrets shouldn't be committed to source control or placed in unsecure locations where they might be accessed by unintended users.
+> Use caution when managing connection strings that contain secrets such as usernames, passwords, or access keys. These secrets shouldn't be committed to source control or placed in unsecure locations where they might be accessed by unintended users. Add `.env` to your `.gitignore` file to prevent accidentally committing secrets.
 
 ---
 
@@ -137,24 +142,28 @@ You can get the details to create your connection string from the Azure portal:
 
 In the project folder, create an *app.py* file and add the sample code. This code creates an API that:
 
+- Loads configuration from a `.env` file using `python-dotenv`.
 - Retrieves an Azure SQL Database connection string from an environment variable.
 - Creates a `Persons` table in the database during startup (for testing scenarios only).
 - Defines a function to retrieve all `Person` records from the database.
 - Defines a function to retrieve one `Person` record from the database.
 - Defines a function to add new `Person` records to the database.
 
 ```python
-import os
+from os import getenv
 from typing import Union
+from dotenv import load_dotenv
 from fastapi import FastAPI
 from pydantic import BaseModel
 from mssql_python import connect
 
+load_dotenv()
+
 class Person(BaseModel):
     first_name: str
     last_name: Union[str, None] = None
 
-connection_string = os.environ["AZURE_SQL_CONNECTIONSTRING"]
+connection_string = getenv("AZURE_SQL_CONNECTIONSTRING")
 
 app = FastAPI()
 
