Skip to main content
Checawaa uses environment variables to manage sensitive configuration and deployment-specific settings. This guide covers all available configuration options.

Overview

Environment variables allow you to:
  • Keep sensitive credentials out of source code
  • Use different configurations for development, staging, and production
  • Deploy the same codebase to multiple environments
  • Follow security best practices
Never commit .env files or hardcode credentials in your source code. Always use environment variables for sensitive data in production.

Required Variables

Application Secret Key

SECRET_KEY
string
required
Secret key used for session management and security features.Default (Development): clave_secreta_muy_segura (see app.py:13)Production: Generate a strong random key:
python -c 'import secrets; print(secrets.token_hex(32))'
The default value should NEVER be used in production. Always generate a unique, random secret key.

Email Configuration

The application uses Flask-Mail for sending automated reminder emails. Configuration is set in app.py:15-21.
MAIL_SERVER
string
required
SMTP server hostname for sending emails.Default: smtp.gmail.comCommon values:
  • Gmail: smtp.gmail.com
  • Outlook: smtp.office365.com
  • SendGrid: smtp.sendgrid.net
  • Custom SMTP: Your server hostname
MAIL_PORT
integer
required
SMTP server port number.Default: 587Common values:
  • 587 - TLS (recommended)
  • 465 - SSL
  • 25 - Unencrypted (not recommended)
MAIL_USE_TLS
boolean
required
Enable TLS encryption for email connections.Default: True
TLS is recommended for secure email transmission. Set to True when using port 587.
MAIL_USERNAME
string
required
Email account username for SMTP authentication.Default (Development): [email protected] (see app.py:19)Production: Use your actual email address
Replace the default email with your own email account. The default is for reference only.
MAIL_PASSWORD
string
required
Password or app-specific password for SMTP authentication.Default (Development): mcgc unmv wkci dbrr (see app.py:20)
For Gmail, use an App Password, not your regular account password. Two-factor authentication must be enabled.
Security Note: The default value is a Gmail app password format and should be replaced with your own.

Optional Variables

Server Configuration

FLASK_ENV
string
default:"production"
Flask environment mode.Values:
  • development - Debug mode enabled, detailed errors
  • production - Optimized for production, minimal output
The application sets debug=True in app.py:239 for local development. Override this with environment variables in production.
PORT
integer
default:"5000"
Port number for the application server.Default: 5000 (see app.py:239)Heroku: Automatically set via $PORT variable
HOST
string
default:"0.0.0.0"
Host address to bind the server.Default: 0.0.0.0 (see app.py:239)Values:
  • 0.0.0.0 - Accept connections from any IP
  • 127.0.0.1 - Local connections only

Scheduler Configuration

SCHEDULER_HOUR
integer
default:"8"
Hour of day (24-hour format) to send automated reminders.Default: 8 (8:00 AM - see app.py:90)Range: 0-23
SCHEDULER_MINUTE
integer
default:"0"
Minute of hour to send automated reminders.Default: 0 (see app.py:90)Range: 0-59
TZ
string
default:"UTC"
Timezone for the scheduler.Heroku Example:
heroku config:set TZ=America/Mexico_City
Set this to match your local timezone to ensure reminders are sent at the correct time.

Configuration Methods

Set environment variables directly in your shell or hosting platform: 
export SECRET_KEY=your_secret_key_here
export MAIL_SERVER=smtp.gmail.com
export MAIL_PORT=587
export MAIL_USERNAME=your_email@gmail.com
export MAIL_PASSWORD=your_app_password

Method 2: .env File (Development Only)

Create a .env file in your project root:
.env
# Application
SECRET_KEY=clave_secreta_muy_segura
FLASK_ENV=development

# Email Configuration
MAIL_SERVER=smtp.gmail.com
MAIL_PORT=587
MAIL_USE_TLS=True
MAIL_USERNAME=[email protected]
MAIL_PASSWORD=your_app_password

# Server
HOST=0.0.0.0
PORT=5000

# Scheduler
SCHEDULER_HOUR=8
SCHEDULER_MINUTE=0
TZ=America/Mexico_City
Add .env to your .gitignore file to prevent committing sensitive data:
.gitignore
.env
*.env
.env.local

Method 3: Using python-dotenv

To automatically load .env files, install python-dotenv: 
pip install python-dotenv
Add to the top of app.py: 
from dotenv import load_dotenv
load_dotenv()  # Load environment variables from .env file

Reading Environment Variables in Code

The current implementation uses hardcoded values in app.py:13-20. To use environment variables, update your code: 
app.secret_key = 'clave_secreta_muy_segura'

app.config['MAIL_SERVER'] = 'smtp.gmail.com'
app.config['MAIL_PORT'] = 587
app.config['MAIL_USE_TLS'] = True
app.config['MAIL_USERNAME'] = '[email protected]'
app.config['MAIL_PASSWORD'] = 'mcgc unmv wkci dbrr'

Platform-Specific Configuration

Heroku

View all configured variables: 
heroku config
Set a single variable: 
heroku config:set VARIABLE_NAME=value
Remove a variable: 
heroku config:unset VARIABLE_NAME

Docker

Pass environment variables via Docker: 
docker run -e SECRET_KEY=your_key -e [email protected] your-image
Or use a .env file: 
docker run --env-file .env your-image

systemd (Linux Services)

Add to your service file:
/etc/systemd/system/checawaa.service
[Service]
Environment="SECRET_KEY=your_secret_key"
Environment="[email protected]"
Environment="MAIL_PASSWORD=your_app_password"

Security Best Practices

1

Use Strong Secrets

Generate cryptographically secure random values:
python -c 'import secrets; print(secrets.token_hex(32))'
2

Never Commit Credentials

Add sensitive files to .gitignore:
.env
.env.*
!.env.example
3

Use Different Secrets Per Environment

Development, staging, and production should have completely different secret keys.
4

Rotate Credentials Regularly

Change passwords and secret keys periodically, especially after team member changes.
5

Use Password Managers

Store production credentials in a secure password manager or secrets management service.

Example Configurations

Development

.env.development
SECRET_KEY=dev_secret_key_for_testing
FLASK_ENV=development
MAIL_SERVER=localhost
MAIL_PORT=1025
MAIL_USE_TLS=False
MAIL_USERNAME=test@localhost
MAIL_PASSWORD=test

Production

Production (Heroku)
heroku config:set SECRET_KEY=$(python -c 'import secrets; print(secrets.token_hex(32))')
heroku config:set FLASK_ENV=production
heroku config:set MAIL_SERVER=smtp.gmail.com
heroku config:set MAIL_PORT=587
heroku config:set MAIL_USE_TLS=True
heroku config:set [email protected]
heroku config:set MAIL_PASSWORD=prod_app_specific_password
heroku config:set TZ=America/Mexico_City

Troubleshooting

Environment Variables Not Loading

Solution:
  • Verify variable names are correct (case-sensitive)
  • Restart your application after setting variables
  • Check that .env file is in the project root
  • Ensure python-dotenv is installed if using .env files

Email Authentication Fails

Solution:
  • Use Gmail App Password (not regular password)
  • Enable 2FA on your Google account
  • Check MAIL_USERNAME and MAIL_PASSWORD are correctly set
  • Verify MAIL_SERVER and MAIL_PORT are correct

Scheduler Timezone Issues

Solution:
  • Set the TZ environment variable explicitly
  • Use IANA timezone names (e.g., America/Mexico_City)
  • Restart the application after changing timezone
  • Check logs to verify scheduler triggers at correct time

Next Steps

Local Setup

Configure your local development environment

Deploy to Heroku

Deploy with environment variables

Build docs developers (and LLMs) love

Get started for freeTalk to us