I am deploying a Django app and I got stuck. I am trying to follow the 12 factor app principles. Specifically, they state that you should have all your configuration in environment variables. Also, I don't want to have multiple settings.py files, because that goes against the 12FA principles. So, I have simply a single settings.py file, which checks environment variables using os.environ['xxx'] for stuff like database login etc.
On the local dev machine, these environment variables are pulled from a file called .env. On the server, I am planning to store all the environment variables inside a systemd unit using the Environment= syntax.
Now, my problem occurs while deploying. I copy all the source Python files onto the server, and I need to call collectstatic and migrate. However, these actions both require the presence of a settings.py file which needs to have access to the database. However, collectstatic is called from my CI/CD pipeline and doesn't have all those environment variables; the only place where they're stored is the systemd unit file which has very limited permissions (only root can read and write to the file).
My question is, what approach could I take in order to follow 12FA while maintaining a single settings.py file?