Great question—handling configuration safely, maintainably, and flexibly is one of those things that seems trivial at first but can cause big headaches down the line. Let's tackle each of your points one by one:

Hardcoding string keys like config['amount_of_allowed_users'] is risky because typos won't be caught until runtime, and refactoring becomes error-prone. Here are the top fixes:

• Use strong-typed models: Map your config to a class (like dataclasses or Pydantic models) so you access values via attributes instead of string keys. This gives you IDE autocomplete, type checking, and early error detection.
• Define config keys as enums: If you need to stick with dictionaries for some reason, use an enum to centralize all config keys. This eliminates typos and makes refactoring easier.

Example with Pydantic (Recommended) #

Pydantic is the go-to library for this in Python—it combines serialization, validation, and strong typing:

from pydantic import BaseModel, PositiveInt
import yaml

# Define your config schema with validation rules
class AppConfig(BaseModel):
    amount_of_allowed_users: PositiveInt  # Ensures value is a positive integer

# Load and parse the YAML file
with open('config.yaml', 'r') as f:
    raw_config = yaml.safe_load(f)

# Convert to a strongly-typed model (will throw errors if config is invalid)
config = AppConfig(**raw_config)

# Access safely with attribute notation
print(f"Allowed users: {config.amount_of_allowed_users}")

Example with Enums (If You Prefer Dictionaries) #

from enum import Enum
import yaml

class ConfigKey(str, Enum):
    ALLOWED_USERS = "amount_of_allowed_users"

with open('config.yaml', 'r') as f:
    config = yaml.safe_load(f)

# Use the enum instead of hardcoded strings
allowed_users = config[ConfigKey.ALLOWED_USERS]

Absolutely—Python has several ways to serialize/deserialize configs into strongly-typed objects, just like C#'s XML serialization. The most common approaches are:

• Pydantic + YAML/JSON/TOML: As shown above, Pydantic acts as the "serializer/deserializer" layer, mapping structured config files to Python classes. This is far more flexible than XML and widely adopted in modern Python projects.
• Dataclasses + PyYAML: If you don't need Pydantic's validation features, you can use Python's built-in dataclasses with PyYAML to convert configs to class instances.

Dataclasses Example #

from dataclasses import dataclass
import yaml

@dataclass
class AppConfig:
    amount_of_allowed_users: int

with open('config.yaml', 'r') as f:
    raw_config = yaml.safe_load(f)

config = AppConfig(**raw_config)
print(config.amount_of_allowed_users)

Using a Python file (e.g., config.py) for settings might feel flexible at first, but it has major downsides: security risks (executable code), no built-in validation, tight coupling with your codebase, and difficulty switching between environments (dev/prod/staging).

Here's how to solve this:

• Use structured config files (YAML/JSON/TOML): These are human-readable, support hierarchical settings, and don't execute code. YAML is particularly popular for complex configs because it supports comments and nested structures.
• Combine with environment variables: Use tools like python-dotenv or Pydantic's built-in environment support to override config values for different environments. This lets you keep sensitive data (like API keys) out of config files and in environment variables.
• Add validation: As mentioned earlier, Pydantic ensures your config values are the right type and meet your constraints (e.g., positive integers, valid URLs).

Example: Environment Variable Overrides with Pydantic #

from pydantic_settings import BaseSettings

class AppConfig(BaseSettings):
    amount_of_allowed_users: int = 10  # Default value
    api_key: str  # Required, will be loaded from .env or system env

    class Config:
        env_file = ".env"  # Load variables from a .env file

# Instantiate the config—automatically pulls from .env and system environment
config = AppConfig()

# If you set AMOUNT_OF_ALLOWED_USERS=20 in .env, this will print 20 instead of 10
print(config.amount_of_allowed_users)

This setup gives you the flexibility of Python files without the risks, plus the safety of type checking and environment-specific configurations.

内容的提问来源于stack exchange，提问作者moshevi