Post

Building a Python Template That Actually Works in Production

Posted
By retr0crypticghost 3 min read

I’ve been building Python projects for years, and I got tired of the same repetitive setup work. Every new project meant configuring logging, setting up tests, handling configuration files, and wrestling with packaging. Worse, I kept running into the same security issues and quality problems across projects.

So I built a Cookiecutter template that handles the boring stuff and bakes in the practices I’ve learned from building production Python applications.

The Problem with Most Templates

Most Python templates give you a basic directory structure and maybe some tests. That’s fine for toy projects, but real applications need more:

  • Security: How do you handle sensitive data in logs? What about configuration secrets?
  • Configuration: How do you manage settings across dev/staging/prod environments?
  • Quality: How do you enforce code standards and testing practices?
  • CI/CD: How do you automate the release process?

These aren’t theoretical problems - they’re the issues that bite you when your side project becomes a real application that handles user data.

Real-World Solutions

My template focuses on solving actual problems I’ve encountered:

Security-Conscious Logging

One of the biggest security risks in Python applications is accidentally logging sensitive data. The template includes a logging system that automatically filters out passwords, tokens, and other secrets:

1
2
3
4
5

# This gets automatically filtered in logs
logger.info(f"User login attempt", extra={
    "user": "retr0", 
    "password": "secret123"  # This won't appear in logs
})

It’s thread-safe and provides structured output that works well in both development and production environments.

Hierarchical Configuration

Real applications need configuration that works across different environments. The template provides a system with clear precedence:

  1. Environment variables (highest priority)
  2. Configuration files (YAML/JSON)
  3. Sensible defaults (fallback)

This means you can have a config.yaml for development, override specific values with environment variables in production, and always fall back to safe defaults.

Professional Project Types

The template supports different project archetypes:

  • Library: Clean package structure for reusable code
  • CLI Application: Rich command-line interface with completion
  • Web API: Foundation for web services
  • Data Science: Notebook-friendly structure with data handling patterns

Each type gets appropriate tooling and structure.

The Philosophy: Practical Over Perfect

I’ve tried to follow my usual approach of focusing on real-world usefulness rather than theoretical completeness. Features get added when I actually need them across multiple projects, not because they seem like a good idea.

For example, the logging filtering came from debugging a production issue where API keys were showing up in log files. The configuration hierarchy emerged from managing the same application across development, staging, and production environments.

What You Get

When you run the template, you get a fully-configured project with:

  • Modern Python packaging (pyproject.toml with proper metadata)
  • Code quality tools (Ruff for linting and formatting)
  • Security scanning (pre-commit hooks and dependency checks)
  • Comprehensive testing (pytest with 90%+ coverage requirements)
  • CI/CD pipelines (GitHub Actions with multi-version testing)
  • Documentation (MkDocs setup with automatic API docs)

Getting Started

1
2

pip install cookiecutter
cookiecutter https://github.com/retr0crypticghost/python-template.git

The template will ask you a few questions about your project and generate everything automatically. You’ll have a working Python project with professional patterns built in.

Human + AI Collaboration

I should mention that I built this template using the collaborative development approach I’ve written about before. I handled the architecture decisions and real-world requirements based on my experience, while AI helped with implementation details, edge cases, and ensuring consistent patterns across all the generated files.

The result feels more thorough and consistent than what I could have built alone, while still being grounded in practical experience rather than theoretical best practices.

Open Source and Evolving

The template is open source and continues to evolve based on real project needs. If you’re building Python applications and want to skip the tedious setup work while getting security and quality practices built in, give it a try.

I’m always interested in hearing about how people use it and what patterns would be helpful to include. The goal is to make it easier to build Python applications that work well in production, not to create the perfect theoretical template.

The template includes comprehensive documentation and examples. If you run into issues or have suggestions for improvement, feel free to open an issue on GitHub.

python tooling cookiecutter automation security best-practices
This post is licensed under CC BY 4.0 by the author.