Where do I get SECRET_KEY for Flask?

Question

While trying to set up Flask-Debugtoolbar, I am getting:

"DebugToolBar requires a SECRET_KEY".

Where do I get SECRET_KEY?

Answer 1

According to the Flask's documentation, you can use the following command to generate the value of SECRET_KEY:

python -c 'import secrets; print(secrets.token_hex())'

It is important to keep in mind the following:

Do not reveal the secret key when posting questions or committing code.

Answer 2

Here is a way to store Flask's secret_key in a hidden file instead of the code:

import secrets
from pathlib import Path

from flask import Flask

app = Flask(__name__)

SECRET_FILE_PATH = Path(".flask_secret")
try:
    with SECRET_FILE_PATH.open("r") as secret_file:
        app.secret_key = secret_file.read()
except FileNotFoundError:
    # Let's create a cryptographically secure code in that file
    with SECRET_FILE_PATH.open("w") as secret_file:
        app.secret_key = secrets.token_hex(32)
        secret_file.write(app.secret_key)

It's always a good idea to store secrets away from versioned code. Git is very good at not losing data. This includes secret keys and passwords :)

Answer 3

I recommend to hash it with bcrypt hash and use hex

# IMPORT
from flask_bcrypt import Bcrypt
import secrets

secret_key = secrets.token_hex(16) #Create HEX Key
bcrypt = Bcrypt(app) #Init Bcrypt
secret_key_hash = bcrypt.generate_password_hash(secret_key) #hash the HEX key with Bcrypt
app.config['SECRET_KEY'] = secret_key_hash #setup secret key

# Output like: $2b$12$Y0QMIGwksa5OhtOBF9BczuAJ0hYMUv7esEBgMMdAuJ4V.7stwxT9e

Answer 4

Get the random string for secret key:

Method 1: Use os in Python 2/3:

>>> import os
>>> os.urandom(12)
'\xf0?a\x9a\\\xff\xd4;\x0c\xcbHi'

Method 2: Use uuid in Python 2/3:

>>> import uuid
>>> uuid.uuid4().hex
'3d6f45a5fc12445dbac2f59c3b6c7cb1'

Method 3: Use secrets in Python >= 3.6:

>>> import secrets
>>> secrets.token_urlsafe(16)
'Drmhze6EPcv0fN_81Bj-nA'
>>> secrets.token_hex(16)
'8f42a73054b1749f8f58848be5e6502c'

Method 4: Use os in Python 3:

>>> import os
>>> os.urandom(12).hex()
'f3cfe9ed8fae309f02079dbf'

Set secret key in Flask

Method 1: Use app.secret_key:

app.secret_key = 'the random string'

Method 2: Use app.config:

app.config['SECRET_KEY'] = 'the random string'    

Method 3: Put it in your config file:

SECRET_KEY = 'the random string'

Then load the config form config file:

app.config.from_pyfile('config.py')  # if your config file's name is config.py

Answer 5

Open Python, run following in you

import secrets
secret_key = secrets.token_hex(16)
# example output, secret_key = 000d88cd9d90036ebdd237eb6b0db000
app.config['SECRET_KEY'] = secret_key

Answer 6

The secret key is needed to keep the client-side sessions secure. You can generate some random key as below:

>>> import os
>>> os.urandom(24)
'\xfd{H\xe5<\x95\xf9\xe3\x96.5\xd1\x01O<!\xd5\xa2\xa0\x9fR"\xa1\xa8'

Just take that key and copy/paste it into your config file

SECRET_KEY = '\xfd{H\xe5<\x95\xf9\xe3\x96.5\xd1\x01O<!\xd5\xa2\xa0\x9fR"\xa1\xa8'

See Sessions documentation

Answer 7

In order to use session in flask you need to set the secret key in your application settings. secret key is a random key used to encrypt your cookies and save send them to the browser.

This error is because of this line in the Flask-Debugtoolbar code

To fix this you just need to set a SECRET_KEY in your config file.

app.config['SECRET_KEY'] = "Your_secret_string"

or if you have a config file just add below config to it:

SECRET_KEY = "Your_secret_string"