Explore Flask

3.2. Version control

Pick a version control system and use it. I recommend Git. From what I've seen, Git is the most popular choice for new projects these days. Being able to delete code without worrying about making an irreversible mistake is invaluable. You'll be able to keep your project free of those massive blocks of commented out code, because you can delete it now and revert that change later should the need arise. Plus, you'll have backup copies of your entire project on GitHub, Bitbucket or your own Gitolite server.

3.2.1. What to keep out of version control

I usually keep a file out of version control for one of two reasons. Either it's clutter, or it's a secret. Compiled .pyc files and virtual environments - if you're not using virtualenvwrapper for some reason - are examples of clutter. They don't need to be in version control because they can be recreated from the .py files and your requirements.txt files respectively.

API keys, application secret keys and database credentials are examples of secrets. They shouldn't be in version control because their exposure would be a massive breach of security.

Note When making security related decisions, I always like to assume that my repository will become public at some point. This means keeping secrets out and never assuming that a security hole won't be found because, "Who's going to guess that they can do that?" This kind of assumption is known as security by obscurity and it's a bad policy to rely on.

When using Git, you can create a special file called .gitignore in your repository. In it, list wildcard patterns to match against filenames. Any filename that matches one of the patterns will be ignored by Git. I recommend using the .gitignore shown in Listing to get you started.


Instance folders are used to make secret configuration variables available to your application in a more secure way. We'll talk more about them later.

Note You can read more about .gitignore here: http://git-scm.com/docs/gitignore