Where should I place the secret key in Flask?

by

Place a secret key in the development config, which gets committed to the repo. This is convenient for developers, because they don’t have to generate one to start running the app. In production, use a production config (which is never committed to the repo), with a unique secret key. The production config should override the development config.

app = Flask(__name__, instance_relative_config=True)
# default value during development
app.secret_key = 'dev'
# overridden if this file exists in the instance folder
app.config.from_pyfile('config.py', silent=True)

If you don’t have a way to add private files in production, such as on Heroku, another option is to use environment variables. If the variable is set, it overrides the default.

app.secret_key = os.environ.get('SECRET_KEY', 'dev')

More Related Contents:

  1. Configure Flask dev server to be visible across the network
  2. Why does running the Flask dev server run itself twice?
  3. json.dumps vs flask.jsonify
  4. Read file data without saving it in Flask
  5. What is the cause of the Bad Request Error when submitting form in Flask application?
  6. How to implement server push in Flask framework?
  7. Auto reloading python Flask app upon code changes
  8. Capture arbitrary path in Flask route
  9. Flask at first run: Do not use the development server in a production environment
  10. Execute a function after Flask returns response
  11. Return a download and rendered page in one Flask response
  12. Uploading multiple files with Flask
  13. Handling multiple requests in Flask
  14. How to integrate Flask & Scrapy?
  15. How do you set a default value for a WTForms SelectField?
  16. Flask Download a File
  17. Implementing Flask-Login with multiple User Classes
  18. Not able to parse a .csv file uploaded using Flask
  19. Import could not be resolved/could not be resolved from source Pylance in VS Code using Python 3.9.2 on Windows 10
  20. Flask sqlalchemy many-to-many insert data
  21. Is a SQLAlchemy query vulnerable to injection attacks?
  22. When scattering Flask Models, RuntimeError: ‘application not registered on db’ was raised
  23. How to render by Vue instead of Jinja
  24. How to send zip files in the python Flask framework?
  25. Unable to “import matplotlib.pyplot as plt” in virtualenv
  26. How can we call one route from another route with parameters in Flask?
  27. python flask display image on a html page [duplicate]
  28. Return a requests.Response object from Flask
  29. Converting matplotlib png to base64 for viewing in html template
  30. Increment counter for every access to a Flask view

Leave a Comment