
What is the best practice for managing:

  1. That I have to use git for Heroku and therefore have to upload the configuration variables, such as database URLs
  2. That these are private and I was told never to upload them to git

Is it simply to make sure the git repository is private and leave out the .gitignore file? Or is there another way to keep a file private?

jonrsharpe
Peter Charland

1 Answer

The best practice for managing credentials and sensitive configuration data is to fetch them from environment variables.

First step: create a config.py file.

# inside config.py: each setting is read from the environment, with a fallback value
from os import environ

SOME_SECRET = environ.get("SOME_SECRET", "YOUR DEFAULT VALUE")

Second step: Make Flask refer to that file and extract its configuration from it.

# inside app.py
from flask import Flask
app = Flask(__name__)
app.config.from_pyfile("config.py", silent=False)  # silent=False: fail if the file is missing

Third step: Use these values inside your app.

from flask import current_app

def do_something():
    # read the value from the app config; None if it was never set
    secret = current_app.config.get('SOME_SECRET', None)
    ...
    ...

Make sure you are using this code inside your application context.

Fourth step: Now you have to add these environment variables on the machine(s) which is/are going to run your code, whether that is Heroku, AWS EC2, a k8s node, etc.

This way you are making sure that you are not exposing any secret credentials or configurations to anyone who can access your codebase, even if it is in a public GitHub repo.

Radwan Abu-Odeh
  • Thanks for the response! So if I understand you, there must be some method of giving these variables to Heroku beyond uploading a file in the Git repo? If so, what is it? I haven't deployed before. Thanks a ton for your help. – Peter Charland Jan 22 '20 at 10:00
  • I think the attached answer explains that in more detail. Thanks! – Peter Charland Jan 22 '20 at 10:01
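A fuller version of the pattern the answer describes, as an added example that is not part of the answer or the original post. It uses only the standard library so it runs without Flask installed; the resulting dict is what you would hand to `app.config.from_mapping()` (a real Flask method) in place of the `from_pyfile` call. The variable names `DATABASE_URL` and `SECRET_KEY`, the `FLASK_DEBUG` switch and the sample values are assumptions constructed for the example. Two points the short answer leaves implicit: a required secret should have no fallback, because a placeholder such as `"YOUR DEFAULT VALUE"` silently reaching production is worse than a refused start, and a database URL that carries a password must be redacted before it is ever logged.

```python
# Added example (not the answer's code): build Flask configuration from
# environment variables, fail fast when a required secret is missing, and
# redact the database URL before it reaches any log line.
import os
from urllib.parse import urlsplit, urlunsplit

# Settings that must come from the environment. There is deliberately no
# fallback value for these. (Variable names are assumptions for this example.)
REQUIRED = ("DATABASE_URL", "SECRET_KEY")


def build_config(env=None):
    """Return a dict suitable for app.config.from_mapping().

    Raises RuntimeError naming every missing required variable at once, so a
    failed deploy reports all of them instead of one per restart.
    """
    env = os.environ if env is None else env
    missing = [name for name in REQUIRED if not env.get(name)]
    if missing:
        raise RuntimeError(
            "missing required environment variables: " + ", ".join(missing)
        )
    return {
        "DATABASE_URL": env["DATABASE_URL"],
        "SECRET_KEY": env["SECRET_KEY"],
        # Optional setting with a safe default: debug stays off unless asked for.
        "DEBUG": env.get("FLASK_DEBUG", "0") == "1",
    }


def redact_url(url):
    """Replace the password in scheme://user:password@host/... with '***'.

    Handles DNS and IPv4 hosts; URLs without a password are returned unchanged.
    """
    parts = urlsplit(url)
    if parts.password is None:
        return url
    host = parts.hostname or ""
    if parts.port:
        host += f":{parts.port}"
    netloc = f"{parts.username}:***@{host}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    # Constructed sample environment, standing in for values set on the host
    # (on Heroku: `heroku config:set DATABASE_URL=... SECRET_KEY=...`).
    sample = {
        "DATABASE_URL": "postgres://app:s3cret@db.example:5432/prod",
        "SECRET_KEY": "constructed-example-key",
    }
    cfg = build_config(sample)
    print("database:", redact_url(cfg["DATABASE_URL"]))  # password masked
    # In app.py this would be: app.config.from_mapping(build_config())
    try:
        build_config({})
    except RuntimeError as exc:
        print("startup refused:", exc)
```

On Heroku the environment is populated with `heroku config:set`, which is how the values reach the dyno without ever entering the git repository; locally you export them in the shell or keep them in a file that is listed in `.gitignore`. `DEBUG` is an example of a setting that may have a default, and the safe default is off.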