Where do I get SECRET_KEY for Flask?

Question:

While trying to set up Flask-Debugtoolbar, I am getting:

"DebugToolBar requires a SECRET_KEY".

Where do I get SECRET_KEY?

Asked By: Tendi

Answers:

The secret key is needed to keep the client-side sessions secure. You can generate some random key as below:

>>> import os
>>> os.urandom(24)
'\xfd{H\xe5<\x95\xf9\xe3\x96.5\xd1\x01O<!\xd5\xa2\xa0\x9fR"\xa1\xa8'

Just take that key and copy/paste it into your config file

SECRET_KEY = '\xfd{H\xe5<\x95\xf9\xe3\x96.5\xd1\x01O<!\xd5\xa2\xa0\x9fR"\xa1\xa8'

See Sessions documentation

Answered By: r-m-n

In order to use sessions in Flask you need to set the secret key in your application settings.
The secret key is a random key used to encrypt your cookies and save and send them to the browser.

This error is because of this line in the Flask-Debugtoolbar code

To fix this you just need to set a SECRET_KEY in your config file.

app.config['SECRET_KEY'] = "Your_secret_string"

or if you have a config file just add below config to it:

SECRET_KEY = "Your_secret_string"

Answered By: rezakamalifard

Get the random string for secret key:

Method 1: Use os in Python 2/3:

>>> import os
>>> os.urandom(12)
'\xf0?a\x9a\\\xff\xd4;\x0c\xcbHi'

Method 2: Use uuid in Python 2/3:

>>> import uuid
>>> uuid.uuid4().hex
'3d6f45a5fc12445dbac2f59c3b6c7cb1'

Method 3: Use secrets in Python >= 3.6:

>>> import secrets
>>> secrets.token_urlsafe(16)
'Drmhze6EPcv0fN_81Bj-nA'
>>> secrets.token_hex(16)
'8f42a73054b1749f8f58848be5e6502c'

Method 4: Use os in Python 3:

>>> import os
>>> os.urandom(12).hex()
'f3cfe9ed8fae309f02079dbf'

Set secret key in Flask

Method 1: Use app.secret_key:

app.secret_key = 'the random string'

Method 2: Use app.config:

app.config['SECRET_KEY'] = 'the random string'    

Method 3: Put it in your config file:

SECRET_KEY = 'the random string'

Then load the config from the config file:

app.config.from_pyfile('config.py')  # if your config file's name is config.py

Answered By: Grey Li

Open Python, run following in you

import secrets
secret_key = secrets.token_hex(16)
# example output, secret_key = 000d88cd9d90036ebdd237eb6b0db000
app.config['SECRET_KEY'] = secret_key

Answered By: Prakashmm

I recommend hashing it with bcrypt and using hex

# IMPORT
from flask import Flask
from flask_bcrypt import Bcrypt
import secrets

app = Flask(__name__)

secret_key = secrets.token_hex(16)  # Create HEX key
bcrypt = Bcrypt(app)  # Init Bcrypt
secret_key_hash = bcrypt.generate_password_hash(secret_key)  # Hash the HEX key with Bcrypt
app.config['SECRET_KEY'] = secret_key_hash  # Set up secret key

# Output like: $2b$12$Y0QMIGwksa5OhtOBF9BczuAJ0hYMUv7esEBgMMdAuJ4V.7stwxT9e

Answered By: Afi _

Here is a way to store Flask’s secret_key in a hidden file instead of the code:

import secrets
from pathlib import Path

from flask import Flask

app = Flask(__name__)

SECRET_FILE_PATH = Path(".flask_secret")
try:
    with SECRET_FILE_PATH.open("r") as secret_file:
        app.secret_key = secret_file.read()
except FileNotFoundError:
    # Let's create a cryptographically secure code in that file
    with SECRET_FILE_PATH.open("w") as secret_file:
        app.secret_key = secrets.token_hex(32)
        secret_file.write(app.secret_key)

It’s always a good idea to store secrets away from versioned code. Git is very good at not losing data. This includes secret keys and passwords 🙂

Answered By: Sylvain
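
A hardened variant of the hidden-file approach in the answer above, as an added example that is not part of any answer on this page: the key file is created atomically with owner-only permissions, and an existing file is rejected if other users can read it or if the key in it is too short. The names load_or_create_secret_key, InsecureSecretFile and MIN_KEY_CHARS are hypothetical, and the 32-character floor is an assumption.

```python
import os
import secrets
import stat
from pathlib import Path

MIN_KEY_CHARS = 32  # assumed floor: 32 hex characters = 16 random bytes


class InsecureSecretFile(Exception):
    """Raised when the key file is readable by others or holds a weak key."""


def _read_checked(path: Path) -> str:
    # Refuse a key file that group or other users can read or write.
    mode = stat.S_IMODE(path.stat().st_mode)
    if os.name == "posix" and mode & 0o077:
        raise InsecureSecretFile(f"{path} has mode {oct(mode)}, expected 0o600")
    key = path.read_text().strip()
    # Catches empty files, placeholders such as "Your_secret_string",
    # and a file another worker has created but not yet written.
    if len(key) < MIN_KEY_CHARS:
        raise InsecureSecretFile(
            f"{path} holds a key shorter than {MIN_KEY_CHARS} characters"
        )
    return key


def load_or_create_secret_key(path: Path) -> str:
    try:
        # O_EXCL makes creation atomic, so two workers starting together
        # cannot both write a key. Mode 0o600 is owner-only from the start
        # (the umask can only remove permission bits, never add them).
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        return _read_checked(path)
    key = secrets.token_hex(32)
    with os.fdopen(fd, "w") as secret_file:
        secret_file.write(key)
    return key


if __name__ == "__main__":
    # With Flask: app.secret_key = load_or_create_secret_key(Path(".flask_secret"))
    print(len(load_or_create_secret_key(Path(".flask_secret"))), "characters loaded")
```

Add the key file's name to .gitignore so it never reaches the repository.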

According to Flask’s documentation, you can use the following command to generate the value of SECRET_KEY:

python -c 'import secrets; print(secrets.token_hex())'

It is important to keep in mind the following:

Do not reveal the secret key when posting questions or committing code.

Answered By: lmiguelvargasf