Flask solution to handle sensitive data does not work in Heroku.

Overview

The Flask framework comes with an elegant solution for storing credentials and sensitive information: instance folders. Unfortunately, this approach makes no sense if you plan to deploy your web app to Heroku. Flask's instance folder is not compatible with Heroku because of the nature of its filesystem, that is, the way files are organized on disk.

Instance folders problem

From Flask 0.8, instance folders are the recommended way to store sensitive information:

designed to not be under version control and be deployment specific.

It’s the perfect place to drop things that either change at runtime or configuration files.

But if you deploy to Heroku, its dynos are cycled every 24 hours due to its ephemeral system. Because the project's instance folder is kept out of version control, even if you somehow copy it to Heroku, it will disappear after some time.

A dyno is a lightweight Linux container that runs a single user-specified command. Each dyno gets its own ephemeral filesystem, with a fresh copy of the most recently deployed code, any files written will be discarded the moment the dyno is stopped or restarted

So the only way to set sensitive information in production is to set each environment variable one by one; you cannot drop all your sensitive environment variables into a config file in the instance folder.

Alternative: use a local .env file

To view all of your Flask app’s config vars, you can use heroku config.


$ heroku config
=== myapp-1234 Config Vars
APP_CONFIG_FILE:                /app/config.py
DATABASE_URL:                   postgres://asldfkjwg:[email protected]:2232/aslkdgjsadj234

Then you can create the same variables for your local environment with $ heroku config:get CONFIG-VAR-NAME -s >> .env.

After adding .env to .gitignore to avoid committing your local environment variables, you can customize them locally and add .env support to your Flask apps in development and deployment with the python-dotenv package: https://github.com/theskumar/python-dotenv.

This way we achieve a strict separation of config from code, which complies with twelve-factor's third statement: Store config in the environment.
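The setup above as an added example (not code from the original post or from python-dotenv): a standard-library settings loader in which real environment variables, such as Heroku config vars, always win over the local .env file, and a missing secret stops startup. The small parser stands in for python-dotenv's load_dotenv, and the names in REQUIRED are assumptions.

```python
import os
from pathlib import Path

REQUIRED = ("DATABASE_URL", "SECRET_KEY")  # assumed names; use your app's own


def parse_env_file(path):
    """Parse KEY=VALUE lines; skip blanks and comments, strip matching quotes."""
    values = {}
    for raw in Path(path).read_text().splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        values[key.strip()] = value
    return values


def load_settings(env_file=".env", environ=None, required=REQUIRED):
    """Merge .env under the real environment and fail fast on missing keys."""
    environ = os.environ if environ is None else environ
    merged = {}
    if Path(env_file).is_file():      # absent on Heroku: config vars only
        merged.update(parse_env_file(env_file))
    merged.update(environ)            # the real environment always wins
    missing = [k for k in required if not merged.get(k)]
    if missing:
        raise RuntimeError("missing config vars: " + ", ".join(missing))
    return {k: merged[k] for k in required}


def env_file_ignored(gitignore=".gitignore", name=".env"):
    """True if .gitignore contains a line naming the env file exactly."""
    p = Path(gitignore)
    if not p.is_file():
        return False
    lines = {entry.strip() for entry in p.read_text().splitlines()}
    return bool({name, "/" + name} & lines)


if __name__ == "__main__":
    print("'.env' git-ignored:", env_file_ignored())
    print("loaded keys:", sorted(load_settings()))  # names only, never values
```

Because load_settings returns only the required keys, the rest of the process environment never ends up in the app's config object or in a debug dump of it.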

Marcelo Canina
I'm Marcelo Canina, a developer from Uruguay. I build websites and web-based applications from the ground up and share what I learn here.