Where do I get a SECRET_KEY for Flask?
PythonFlaskPython Problem Overview
I am trying to set up Flask-Debugtoolbar, but I get the message "DebugToolBar requires a SECRET_KEY". Where do I get the secret key?
Python Solutions
Solution 1 - Python
Get the random string for secret key:
Method 1: Use os
in Python 2/3:
>>> import os
>>> os.urandom(12)
'\xf0?a\x9a\\\xff\xd4;\x0c\xcbHi'
Method 2: Use uuid
in Python 2/3:
>>> import uuid
>>> uuid.uuid4().hex
'3d6f45a5fc12445dbac2f59c3b6c7cb1'
Method 3: Use secrets
in Python >= 3.6:
>>> import secrets
>>> secrets.token_urlsafe(16)
'Drmhze6EPcv0fN_81Bj-nA'
>>> secrets.token_hex(16)
'8f42a73054b1749f8f58848be5e6502c'
Method 4: Use os
in Python 3:
>>> import os
>>> os.urandom(12).hex()
'f3cfe9ed8fae309f02079dbf'
Set secret key in Flask
Method 1: Use app.secret_key
:
app.secret_key = 'the random string'
Method 2: Use app.config
:
app.config['SECRET_KEY'] = 'the random string'
Method 3: Put it in your config file:
SECRET_KEY = 'the random string'
Then load the config form config file:
app.config.from_pyfile('config.py') # if your config file's name is config.py
Solution 2 - Python
The secret key is needed to keep the client-side sessions secure. You can generate some random key as below:
>>> import os
>>> os.urandom(24)
'\xfd{H\xe5<\x95\xf9\xe3\x96.5\xd1\x01O<!\xd5\xa2\xa0\x9fR"\xa1\xa8'
Just take that key and copy/paste it into your config file
SECRET_KEY = '\xfd{H\xe5<\x95\xf9\xe3\x96.5\xd1\x01O<!\xd5\xa2\xa0\x9fR"\xa1\xa8'
See Sessions documentation
Solution 3 - Python
In order to use session in flask you need to set the secret key in your application settings. secret key is a random key used to encrypt your cookies and save send them to the browser.
This error is because of this line in the Flask-Debugtoolbar code
To fix this you just need to set a SECRET_KEY
in your config file.
app.config['SECRET_KEY'] = "Your_secret_string"
or if you have a config file just add below config to it:
SECRET_KEY = "Your_secret_string"
Solution 4 - Python
Open Python, run following in you
import secrets
secret_key = secrets.token_hex(16)
# example output, secret_key = 000d88cd9d90036ebdd237eb6b0db000
app.config['SECRET_KEY'] = secret_key
Solution 5 - Python
I recommend to hash it with bcrypt hash and use hex
# IMPORT
from flask_bcrypt import Bcrypt
import secrets
secret_key = secrets.token_hex(16) #Create HEX Key
bcrypt = Bcrypt(app) #Init Bcrypt
secret_key_hash = bcrypt.generate_password_hash(secret_key) #hash the HEX key with Bcrypt
app.config['SECRET_KEY'] = secret_key_hash #setup secret key
# Output like: $2b$12$Y0QMIGwksa5OhtOBF9BczuAJ0hYMUv7esEBgMMdAuJ4V.7stwxT9e