Managing Settings and Secrets for Different Environments

00:00 Managing Settings and Secrets for Different Environments. Most applications require different settings for each environment to do things such as enabling debugging features or pointing to different databases.

00:14 Some of these settings—such as authentication credentials, database passwords, and API keys—are sensitive, so you must avoid hard-coding them into the application files.

00:25 You can create a config.py file to hold the nonsensitive configuration values and read the sensitive ones from environment variables. On-screen, you’ll see config.py being created.

00:43 This code declares a Config class used as the base for each environment’s configuration. A secret key is read from the environment variable using os.getenv().

00:54 This avoids disclosing the actual key in the source code. At the same time, you can customize any option for each environment.

01:22 Next you’ll need to modify app.py to use a different configuration class depending on the environment. Here you can see the modified app.py being created.

01:40 Here the configuration is loaded from one of the previously defined classes in config.py. The specific configuration class will depend on the value stored in the APP_SETTINGS environment variable. If the variable is undefined, the configuration will fall back to DevelopmentConfig by default.

02:06 The message was modified to show the secret key obtained by app.config.get(). You don’t typically display sensitive information as part of your responses. This is just an example to show how you can read these values.

02:20 Now you can see how this works locally by passing some environment variables when launching the app. Here’s how to set the secret key environment variable on macOS and Linux,

02:38 and here’s how to set it on Windows.

02:47 After setting the environment variable, run the application and navigate to the address seen on-screen. You should see the message The configured secret key is key-read-from-env-var, as seen on-screen.

03:01 If the variable wasn’t set, then you’d see the message on-screen now. Next, commit the changes and push them to the staging environment by running the command seen on-screen. First the changes to app.py and config.py are added, and then a commit is created.

03:24 Finally, these changes are pushed to the staging environment. This triggers a new build and deployment process. Before proceeding, you can customize the environment variables for this environment using a Heroku CLI.

03:43 Using the config:set command, you set the value of SECRET_KEY and APP_SETTINGS for staging.

04:03 You can verify that the changes were deployed by going to the staging app URL and checking that the page shows the message The configured secret key is the-staging-key, as seen on-screen.

04:16 Using Heroku CLI, you can also get the values of the environment variables for any app. On-screen, you’ll see the command that gets all the environment variables set for the staging environment from Heroku.

04:33 As you can see, these values match the previously set ones. Finally, you can set different production configuration values using the Heroku CLI

04:58 and then promote the new version to production.

05:10 Once more, you can verify the changes were deployed by going to the production URL and checking that the page shows The configured secret key is the-production-key. In this section, you’ve learned how to use a different configuration for each environment and also how to handle sensitive settings using environment variables—an important skill to have, as this means sensitive data doesn’t end up in your public repositories. Remember, of course, in real-world applications, you wouldn’t expose sensitive information like SECRET_KEY.

05:43 The code here is just to demonstrate the principle in action. Now that you’ve completed the topics of the course, in the next section, you’ll review what you’ve learned.