Flask basics - setting environment variables

Hiding sensitive data in environment variables.

Lots of Flask tutorials recommend setting environment variables to protect any private information stored in the settings of the app. This is good advice, it only takes a moment of inattention to commit sensitive information to your GIT repo and then push it to a public place such as GitHub. If you're using a virtualenv (if you're not I recommend you go and fix that before you pollute your local python environment too badly to recover it) this is a really simple thing to do:

  • Open the postactivate file in the virtualenv you're using in your text editor of choice eg: vim ~/.VirtualEnvs/VENV/bin/postactivate.
  • Add your variables to the bottom of the file, one on each line in the following format: export VARIABLE_NAME='whatever_you_want_here'.
  • Activate your virtualenv and check that your variables have been loaded by using echo $VARIABLE_NAME. Now whenever you start your venv your environment variables will be available.