andreas/flask-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

moved to .env for secret-key

Browse Source
This commit is contained in:
Andreas Jönsson 2025-11-15 19:40:58 +01:00
parent f6b3020350
commit 4ace9bd2a0
3 changed files with 34 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
README.md
View File

@ -34,20 +34,47 @@ pkill -f "flask run" && flask run --host=0.0.0.0 --port=5001
### Docker Deployment ### Docker Deployment
```bash ```bash
# Build and start container # First generate and set your secret key
python -c 'import secrets; print(f"FLASK_SECRET_KEY={secrets.token_hex(32)}")' >> .env
# Then start the container
docker-compose up --build docker-compose up --build
# For production (detached mode) # Production deployment (detached mode)
docker-compose up --build -d docker-compose up --build -d
``` ```
Note: Docker will automatically load the `.env` file from your project root
The application will be available at `http://localhost:5001` The application will be available at `http://localhost:5001`
### Persisting Data ### Persisting Data
The database will be preserved between container restarts through the `./instance` volume mount. The database will be preserved between container restarts through the `./instance` volume mount.
## Configuration
### Secret Key Management
The application uses a hierarchical configuration for the secret key:
1. Environment variable `FLASK_SECRET_KEY` (highest priority)
2. Hardcoded value in `app.py` (development fallback only)
**Production Setup:**
```bash
# Generate a secure secret key
python -c 'import secrets; print(secrets.token_hex(32))'
# Update .env file
echo "FLASK_SECRET_KEY=your_generated_secret_here" >> .env
```
**Important Security Notes:**
- Never commit the `.env` file to version control
- The default secret key should only be used for development
- In production, use proper secret management (Vault, KMS, etc.)
## Features ## Features
- User registration with password confirmation - User registration with password confirmation
- Secure password hashing - Secure password hashing
- Login/logout functionality - Login/logout functionality
- SQLite database - SQLite database
- Environment-based configuration

5
app.py
View File

@ -5,7 +5,10 @@ from werkzeug.security import generate_password_hash, check_password_hash
import os import os
app = Flask(__name__) app = Flask(__name__)
app.config['SECRET_KEY'] = 'your-secret-key-here' app.config['SECRET_KEY'] = os.environ.get(
'FLASK_SECRET_KEY',
'your-secret-key-here' # Fallback for development only
)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///' + os.path.join(os.path.abspath(os.path.dirname(__file__)), 'instance/users.db') app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///' + os.path.join(os.path.abspath(os.path.dirname(__file__)), 'instance/users.db')
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False

2
docker-compose.yml
View File

@ -7,7 +7,7 @@ services:
- "5001:5001" - "5001:5001"
environment: environment:
- FLASK_ENV=production - FLASK_ENV=production
- FLASK_SECRET_KEY=${FLASK_SECRET_KEY:-your-secret-key-here} - FLASK_SECRET_KEY=${FLASK_SECRET_KEY} # Required - set in .env file
- SQLALCHEMY_DATABASE_URI=sqlite:////app/instance/users.db - SQLALCHEMY_DATABASE_URI=sqlite:////app/instance/users.db
volumes: volumes:
- ./instance:/app/instance - ./instance:/app/instance