Explore Flask

5.1. The simple case

A simple application may not need any of these complicated features. You may just need to put config.py in the root of your repository and load it in app.py or yourapp/__init__.py.

The config.py file should contain one variable assignment per line. When your app is initialized, the variables in config.py are used to configure Flask and its extensions, and they are accessible via the app.config dictionary - e.g. app.config["DEBUG"].

DEBUG = True # Turns on debugging features in Flask
BCRYPT_LEVEL = 12 # Configuration for the Flask-Bcrypt extension
MAIL_FROM_EMAIL = "[email protected]" # For use in application emails

Configuration variables can be used by Flask, extensions or you. In this example, we could use app.config["MAIL_FROM_EMAIL"] whenever we needed the default "from" address for a transactional email - e.g. password resets. Putting that information in a configuration variable makes it easy to change it in the future.

# app.py or app/__init__.py
from flask import Flask

app = Flask(__name__)
app.config.from_object('config')

# Now we can access the configuration variables via app.config["VAR_NAME"].

| Variable | Description | Recommendation |
| --- | --- | --- |
| DEBUG | Gives you some handy tools for debugging errors. This includes a web-based stack trace and interactive Python console for errors. | Should be set to True in development and False in production. |
| SECRET_KEY | This is a secret key that is used by Flask to sign cookies. It's also used by extensions like Flask-Bcrypt. You should define this in your instance folder to keep it out of version control. You can read more about instance folders in the next section. | This should be a complex random value. |
| BCRYPT_LEVEL | If you’re using Flask-Bcrypt to hash user passwords, you’ll need to specify the number of “rounds” that the algorithm executes in hashing a password. If you aren’t using Flask-Bcrypt, you should probably start. The more rounds used to hash a password, the longer it’ll take for an attacker to guess a password given the hash. The number of rounds should increase over time as computing power increases. | Later in this book we'll cover some of the best practices for using Bcrypt in your Flask application. |

Caution: Make sure DEBUG is set to False in production. Leaving it on will allow users to run arbitrary Python code on your server.
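
A startup check for the three settings in the table above, as an added example that is not code from the book: it audits a config mapping and refuses to start when DEBUG is on, SECRET_KEY is missing or weak, or BCRYPT_LEVEL is too low. The function names, the thresholds and the placeholder list are assumptions made for this example.

```python
import secrets

# Thresholds are assumptions for this example, not values from the book
# (12 mirrors the BCRYPT_LEVEL shown in the sample config.py).
MIN_SECRET_BYTES = 32
MIN_BCRYPT_LEVEL = 12
PLACEHOLDER_SECRETS = {b"", b"secret", b"changeme", b"dev", b"password"}


def audit_config(config, production=True):
    """Return a list of problems in a config mapping (a dict or app.config)."""
    findings = []

    if production and config.get("DEBUG"):
        findings.append("DEBUG is on: the interactive debugger would be exposed")

    key = config.get("SECRET_KEY")
    if key is None:
        findings.append("SECRET_KEY is missing")
    else:
        raw = key.encode() if isinstance(key, str) else bytes(key)
        if raw.strip().lower() in PLACEHOLDER_SECRETS:
            findings.append("SECRET_KEY is a placeholder value")
        elif len(raw) < MIN_SECRET_BYTES:
            findings.append(f"SECRET_KEY is shorter than {MIN_SECRET_BYTES} bytes")

    # Checked only when present: the setting matters only with Flask-Bcrypt.
    level = config.get("BCRYPT_LEVEL")
    if level is not None:
        if not isinstance(level, int) or isinstance(level, bool):
            findings.append("BCRYPT_LEVEL must be an integer")
        elif level < MIN_BCRYPT_LEVEL:
            findings.append(f"BCRYPT_LEVEL {level} is below {MIN_BCRYPT_LEVEL}")

    return findings


def require_safe_config(config, production=True):
    """Raise RuntimeError so the app refuses to start on any finding."""
    findings = audit_config(config, production)
    if findings:
        raise RuntimeError("unsafe configuration: " + "; ".join(findings))


# Constructed sample configs (not from the book).
DEV_STYLE = {"DEBUG": True, "SECRET_KEY": "changeme", "BCRYPT_LEVEL": 4}
PROD_STYLE = {"DEBUG": False, "SECRET_KEY": secrets.token_hex(32), "BCRYPT_LEVEL": 12}
```

Calling require_safe_config(app.config) right after app.config.from_object('config') makes a production deploy fail at startup instead of running with a development configuration.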