Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Where do I get a SECRET_KEY for Flask?

Tags:

python

flask

I am trying to set up Flask-Debugtoolbar, but I get the message "DebugToolBar requires a SECRET_KEY". Where do I get the secret key?

like image 531
Tendi Avatar asked Jan 20 '16 14:01

Tendi


People also ask

What is Flask SECRET_KEY?

Description. Each Flask web application contains a secret key which used to sign session cookies for protection against cookie data tampering. It's very important that an attacker doesn't know the value of this secret key. Your application is using a weak/known secret key and Acunetix managed to guess this key.


1 Answers

Get the random string for secret key:

Method 1: Use os in Python 2/3:

>>> import os >>> os.urandom(12) '\xf0?a\x9a\\\xff\xd4;\x0c\xcbHi' 

Method 2: Use uuid in Python 2/3:

>>> import uuid >>> uuid.uuid4().hex '3d6f45a5fc12445dbac2f59c3b6c7cb1' 

Method 3: Use secrets in Python >= 3.6:

>>> import secrets >>> secrets.token_urlsafe(16) 'Drmhze6EPcv0fN_81Bj-nA' >>> secrets.token_hex(16) '8f42a73054b1749f8f58848be5e6502c' 

Method 4: Use os in Python 3:

>>> import os >>> os.urandom(12).hex() 'f3cfe9ed8fae309f02079dbf' 

Set secret key in Flask

Method 1: Use app.secret_key:

app.secret_key = 'the random string' 

Method 2: Use app.config:

app.config['SECRET_KEY'] = 'the random string'     

Method 3: Put it in your config file:

SECRET_KEY = 'the random string' 

Then load the config form config file:

app.config.from_pyfile('config.py')  # if your config file's name is config.py 
like image 124
Grey Li Avatar answered Sep 27 '22 20:09

Grey Li