Skip to main content
Fantasy Basketball Analytics uses environment variables to manage configuration across different deployment environments.

Configuration Overview

Environment variables are loaded differently depending on your environment:
  • Local Development: Variables are loaded from a .env file using python-dotenv
  • Production (Heroku): Variables are set using heroku config:set and managed through Heroku’s config system
When FLASK_ENV=development, the application automatically loads variables from .env. In production, set variables directly in your hosting environment.

Required Variables

These environment variables must be set for the application to function:

YAHOO_CLIENT_ID

YAHOO_CLIENT_ID
string
required
Your Yahoo Developer application’s Client ID
Where to get it:
  1. Visit Yahoo Developer Network
  2. Create or select your application
  3. Find the Client ID in your app settings
Example: 
YAHOO_CLIENT_ID=dj0yJmk9aBcDeFgHiJkLmNoPqRsTuVwXyZ
Never commit your Client ID to version control in public repositories. Use environment variables or .env files (excluded via .gitignore).

YAHOO_CLIENT_SECRET

YAHOO_CLIENT_SECRET
string
required
Your Yahoo Developer application’s Client Secret
Where to get it:
  1. Same location as Client ID in Yahoo Developer settings
  2. May need to click “Show Secret” to reveal the value
Example: 
YAHOO_CLIENT_SECRET=abcdef1234567890abcdef1234567890abcdef12
Treat this like a password. Never share it or commit it to version control.
Used in the code: 
# From main.py:128-129
client_id=os.environ["YAHOO_CLIENT_ID"],
client_secret=os.environ["YAHOO_CLIENT_SECRET"],

FLASK_SECRET_KEY

FLASK_SECRET_KEY
string
required
Secret key used for Flask session encryption and security
How to generate: 
python -c "import secrets; print(secrets.token_hex(32))"
This produces a cryptographically secure random string like: 
f3a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4
Example: 
FLASK_SECRET_KEY=f3a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4
Use a different secret key for development and production. Never use the default dev-key in production.
Used in the code: 
# From main.py:117
app.secret_key = os.getenv("FLASK_SECRET_KEY", "dev-key")

Optional Variables

FLASK_ENV

FLASK_ENV
string
default:"production"
Determines the application environment mode
Accepted values:
  • development - Enables debug mode, auto-reload, and loads .env file
  • production - Disables debug features, optimized for performance
Example: 
# Local development
FLASK_ENV=development

# Production
FLASK_ENV=production
Effects of FLASK_ENV=development:
  1. Auto-loads .env file:
# From main.py:18-24
if os.getenv("FLASK_ENV", "development") == "development":
    try:
        from dotenv import load_dotenv, dotenv_values
        load_dotenv()
        _ = dotenv_values()
    except Exception as e:
        logging.warning("[dotenv] %s – check .env formatting (KEY=VALUE).", e)
  1. Enables debug mode:
# From main.py:971
if __name__ == "__main__":
    app.run(debug=True, port=5000, host='0.0.0.0')
Always set FLASK_ENV=production on Heroku or other production environments to disable debug mode and prevent information leakage.

Environment File Example

Create a .env file in your project root for local development: 
# .env - Local Development Configuration

# Yahoo OAuth Credentials
YAHOO_CLIENT_ID=your_client_id_here
YAHOO_CLIENT_SECRET=your_client_secret_here

# Flask Configuration
FLASK_SECRET_KEY=your_random_secret_key_here
FLASK_ENV=development
Add .env to your .gitignore file to prevent accidentally committing secrets:
echo ".env" >> .gitignore

Setting Variables by Environment

Local Development

  1. Copy the example file:
cp .env.example .env
  1. Edit .env with your values:
nano .env  # or use your preferred editor
  1. Verify variables are loaded:
import os
print(os.getenv('YAHOO_CLIENT_ID'))

Heroku Production

  1. Set individual variables:
heroku config:set YAHOO_CLIENT_ID=your_value
heroku config:set YAHOO_CLIENT_SECRET=your_value
heroku config:set FLASK_SECRET_KEY=your_value
heroku config:set FLASK_ENV=production
  1. Set multiple variables at once:
heroku config:set \
  YAHOO_CLIENT_ID=your_value \
  YAHOO_CLIENT_SECRET=your_value \
  FLASK_SECRET_KEY=your_value \
  FLASK_ENV=production
  1. View all config variables:
heroku config
  1. Remove a variable:
heroku config:unset VARIABLE_NAME

Complete Environment Variables Table

VariableTypeRequiredDefaultDescription
YAHOO_CLIENT_IDstringYesNoneYahoo Developer application Client ID
YAHOO_CLIENT_SECRETstringYesNoneYahoo Developer application Client Secret
FLASK_SECRET_KEYstringYes"dev-key"Secret key for session encryption (never use default in production)
FLASK_ENVstringNo"production"Application environment (development or production)

Security Best Practices

Generate cryptographically secure random strings for FLASK_SECRET_KEY:
# Python method
python -c "import secrets; print(secrets.token_hex(32))"

# OpenSSL method
openssl rand -hex 32

# UUID method (shorter but adequate)
python -c "import uuid; print(str(uuid.uuid4()))"
Always use .gitignore to exclude sensitive files:
# .gitignore
.env
.env.local
*.env
config/secrets.py
Verify nothing sensitive is tracked:
git status
git grep -i "YAHOO_CLIENT_SECRET"
Never reuse the same FLASK_SECRET_KEY across environments:
  • Development: One secret key
  • Staging: Different secret key
  • Production: Different secret key
This limits the impact if one environment is compromised.
Periodically update your credentials:
  1. Generate new Yahoo OAuth credentials
  2. Update environment variables
  3. Test the application
  4. Delete old credentials from Yahoo Developer
Consider rotating every 90 days for production apps.
Add validation to catch missing variables early:
import os

required_vars = [
    'YAHOO_CLIENT_ID',
    'YAHOO_CLIENT_SECRET',
    'FLASK_SECRET_KEY'
]

for var in required_vars:
    if not os.getenv(var):
        raise ValueError(f"Missing required environment variable: {var}")

Troubleshooting

Variables not loading in development

  1. Check FLASK_ENV is set to development:
echo $FLASK_ENV
  1. Verify .env file exists in project root:
ls -la .env
  1. Check .env file format:
# Correct format (no quotes unless needed)
YAHOO_CLIENT_ID=abc123

# Incorrect format
YAHOO_CLIENT_ID="abc123"  # Remove quotes unless value contains spaces

KeyError when accessing variables

If you see KeyError: 'YAHOO_CLIENT_ID': 
# This will crash if not set
client_id = os.environ["YAHOO_CLIENT_ID"]

# This provides a fallback (use for optional variables only)
client_id = os.getenv("YAHOO_CLIENT_ID", "default_value")
For required variables, the crash is intentional to prevent running with missing configuration.

Next Steps

Local Development

Set up your development environment

Heroku Deployment

Deploy to production

Build docs developers (and LLMs) love

Get started for freeTalk to us