Flask solution to handle sensitive data does not work in Heroku.
The Flask framework comes with an elegant solution for storing credentials and sensitive information: instance folders. Unfortunately, this approach makes no sense if you plan to deploy your web app to Heroku. Flask’s instance folder is not compatible with Heroku because of the nature of its filesystem, that is, the way the files are organized on the disk.
Instance folders problem
From Flask 0.8, instance folders are the recommended way to store sensitive information:
designed to not be under version control and be deployment specific.
It’s the perfect place to drop things that either change at runtime or configuration files.
But if you deploy to Heroku, its dynos are cycled every 24 hours due to its ephemeral system. Because the project’s instance folder is kept out of version control, even if you somehow copy it to Heroku, it will disappear after some time.
A dyno is a lightweight Linux container that runs a single user-specified command. Each dyno gets its own ephemeral filesystem, with a fresh copy of the most recently deployed code; any files written will be discarded the moment the dyno is stopped or restarted.
So the only way to provide sensitive information in production is to set each environment variable, one by one; you cannot drop all your sensitive environment variables into a config file in the instance folder.
Alternative: use a local .env file
To view all of your Flask app’s config vars, you can use heroku config.
$ heroku config
=== myapp-1234 Config Vars
APP_CONFIG_FILE: /app/config.py
DATABASE_URL: postgres://asldfkjwg:[email protected]:2232/aslkdgjsadj234
Then you can create the same variables for your local environment with:
$ heroku config:get CONFIG-VAR-NAME -s >> .env
Add .env to your .gitignore to avoid committing your local environment variables; you can customize them locally and add .env support to your Flask apps in development and deployments with
This way we achieve a strict separation of config from code, which complies with twelve-factor’s third statement: Store config in the environment
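The following is an added example, not code from the original post: a standard-library loader that reads config from the environment, lets a local .env file fill in only the variables that are not already set, fails at startup when a required variable is missing, and checks that .env is listed in .gitignore. The variable names in REQUIRED, the function names and the assumption that .env holds KEY=value lines with optionally shell-quoted values are illustrative.

```python
import fnmatch
import os
import shlex
from pathlib import Path

REQUIRED = ("DATABASE_URL", "SECRET_KEY")  # assumed names, for illustration only


def parse_env_file(path):
    """Parse KEY=value lines (values may be shell-quoted) into a dict."""
    values = {}
    for lineno, raw in enumerate(Path(path).read_text().splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        parts = shlex.split(value) if sep else None  # removes shell quoting
        if parts is None or not key.isidentifier() or len(parts) > 1:
            raise ValueError(f"{path}:{lineno}: expected KEY=value")
        values[key] = parts[0] if parts else ""
    return values


def load_config(env_file=".env", environ=None):
    """Build config from the environment; .env only fills unset variables."""
    env = dict(os.environ if environ is None else environ)
    if Path(env_file).is_file():  # absent on a Heroku dyno, present locally
        for key, value in parse_env_file(env_file).items():
            env.setdefault(key, value)  # a real environment variable wins
    missing = [name for name in REQUIRED if not env.get(name)]
    if missing:  # report names only, never secret values
        raise RuntimeError("missing config vars: " + ", ".join(missing))
    return {name: env[name] for name in REQUIRED}


def env_file_ignored(gitignore=".gitignore", name=".env"):
    """Rough check (not full gitignore semantics) that `name` is ignored."""
    path = Path(gitignore)
    lines = path.read_text().splitlines() if path.is_file() else []
    patterns = [p.strip() for p in lines]
    return any(fnmatch.fnmatch(name, p.lstrip("/"))
               for p in patterns if p and not p.startswith(("#", "!")))


if __name__ == "__main__":
    # Constructed values, passed in place of the real environment.
    demo = {"DATABASE_URL": "postgres://user:pw@localhost:5432/dev", "SECRET_KEY": "k"}
    print(sorted(load_config(environ=demo)), env_file_ignored())
```

In a Flask app the returned dict can be applied with app.config.update(load_config()); on Heroku no .env file exists, so the values come from the config vars alone.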