A simple application may not need any of these complicated features. You may just need to put config.py in the root of your repository and load it in app.py or yourapp/__init__.py.
The config.py file should contain one variable assignment per line.
When your app is initialized, the variables in config.py are used to
configure Flask and its extensions, and they are accessible via the app.config
dictionary - e.g. app.config["DEBUG"].
```python
DEBUG = True  # Turns on debugging features in Flask
BCRYPT_LEVEL = 12  # Configuration for the Flask-Bcrypt extension
MAIL_FROM_EMAIL = "[email protected]"  # For use in application emails
```
Configuration variables can be used by Flask, extensions or you. In this
example, we could use app.config["MAIL_FROM_EMAIL"] whenever we needed
the default "from" address for a transactional email - e.g. password
resets. Putting that information in a configuration variable makes it
easy to change it in the future.
```python
# app.py or app/__init__.py
from flask import Flask

app = Flask(__name__)
app.config.from_object('config')

# Now we can access the configuration variables via app.config["VAR_NAME"].
```
Variable | Description | Recommendation |
---|---|---|
DEBUG | Gives you some handy tools for debugging errors. This includes a web-based stack trace and interactive Python console for errors. | Should be set to True in development and False in production. |
SECRET_KEY | This is a secret key that is used by Flask to sign cookies. It's also used by extensions like Flask-Bcrypt. You should define this in your instance folder to keep it out of version control. You can read more about instance folders in the next section. | This should be a complex random value. |
BCRYPT_LEVEL | If you’re using Flask-Bcrypt to hash user passwords, you’ll need to specify the number of “rounds” that the algorithm executes in hashing a password. If you aren’t using Flask-Bcrypt, you should probably start. The more rounds used to hash a password, the longer it’ll take for an attacker to guess a password given the hash. The number of rounds should increase over time as computing power increases. | Later in this book we'll cover some of the best practices for using Bcrypt in your Flask application. |
Caution: Make sure DEBUG is set to False in production. Leaving it on will
allow users to run arbitrary Python code on your server.
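
A start-up check for the three settings in the table above, as an added example that is not from the original text. The function names, the minimum values and the placeholder list are assumptions; the variable names are the ones this page uses.

```python
import secrets
from collections.abc import Mapping

# Assumed thresholds for this example; tune them for your deployment.
MIN_SECRET_KEY_LEN = 32            # characters
MIN_BCRYPT_LEVEL = 12              # the value used in config.py above
BCRYPT_COST_RANGE = range(4, 32)   # cost factors bcrypt itself accepts
PLACEHOLDER_KEYS = {"dev", "secret", "changeme", "secret_key"}  # constructed list


def new_secret_key() -> str:
    """Return a random 256-bit key, hex-encoded (64 characters)."""
    return secrets.token_hex(32)


def check_production_config(config: Mapping) -> list[str]:
    """Return a list of problems; an empty list means the config passed.

    `config` can be app.config or any other mapping.
    """
    problems = []

    # Only the boolean False passes: a string such as "False" read from the
    # environment is truthy and would leave the debugger switched on.
    if config.get("DEBUG", False) is not False:
        problems.append("DEBUG must be False in production")

    key = config.get("SECRET_KEY")
    if not isinstance(key, (str, bytes)) or not key:
        problems.append("SECRET_KEY is not set")
    else:
        text = key.decode("latin-1") if isinstance(key, bytes) else key
        if text.lower() in PLACEHOLDER_KEYS:
            problems.append("SECRET_KEY is a placeholder value")
        elif len(text) < MIN_SECRET_KEY_LEN:
            problems.append("SECRET_KEY is shorter than %d characters" % MIN_SECRET_KEY_LEN)

    # BCRYPT_LEVEL is checked only when it is present in the config.
    level = config.get("BCRYPT_LEVEL")
    if level is not None:
        if not isinstance(level, int) or level not in BCRYPT_COST_RANGE:
            problems.append("BCRYPT_LEVEL must be an integer from 4 to 31")
        elif level < MIN_BCRYPT_LEVEL:
            problems.append("BCRYPT_LEVEL is below %d" % MIN_BCRYPT_LEVEL)

    return problems
```

Call it right after app.config.from_object('config') in a production deployment and refuse to start if the returned list is not empty.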