Skip to main content

Overview

The Furniture Store Backend uses environment variables to manage configuration across different environments. All configuration is loaded through the config.py module, which reads from a .env file using python-dotenv.

Environment Variables

Create a .env file in the project root based on the .env-template file:
.env-template
FLASK_APP=app.py
FLASK_ENV=development

DB_USER=example_user
DB_PASSWORD=example_password
DB_HOST=localhost
DB_PORT=3306
DB_NAME=example_db

Required Variables

FLASK_APP
string
required
The entry point for the Flask application. Set to app.py or run.py.
FLASK_ENV
string
required
The Flask environment mode. Use development for local development or production for production deployments.
Setting FLASK_ENV=production requires a valid SECRET_KEY to be set.
DB_USER
string
required
MySQL database username for authentication.
DB_PASSWORD
string
required
MySQL database password for authentication.
Use strong passwords in production and never commit them to version control.
DB_HOST
string
required
Database server hostname or IP address. Typically localhost for development or a remote host for production.
DB_PORT
string
required
MySQL database port. Default is 3306.
DB_NAME
string
required
Name of the database to connect to.
SECRET_KEY
string
Secret key for session management and CSRF protection.
Production Requirement: This variable is required in production. The application will raise a ValueError if SECRET_KEY is not set when FLASK_ENV=production.
In development, if not provided, defaults to "dev-secret-key-change-in-production".

Configuration Structure

The config.py file defines the Config class that loads and manages all configuration settings:
config.py
import os
from dotenv import load_dotenv

load_dotenv()

class Config:
    DB_USER = os.getenv("DB_USER")
    DB_PASSWORD = os.getenv("DB_PASSWORD")
    DB_HOST = os.getenv("DB_HOST")
    DB_PORT = os.getenv("DB_PORT")
    DB_NAME = os.getenv("DB_NAME")

    SQLALCHEMY_DATABASE_URI = (
        f"mysql+pymysql://{DB_USER}:{DB_PASSWORD}@{DB_HOST}:{DB_PORT}/{DB_NAME}"
    )

    SQLALCHEMY_TRACK_MODIFICATIONS = False

    # SECRET_KEY is required for session management and CSRF protection
    SECRET_KEY = os.getenv("SECRET_KEY")
    if not SECRET_KEY:
        # Only allow default in development; production must set SECRET_KEY
        if os.getenv("FLASK_ENV") == "production":
            raise ValueError("SECRET_KEY must be set in production environment")
        SECRET_KEY = "dev-secret-key-change-in-production"

Key Configuration Options

Automatically constructed from individual database variables using the format:
mysql+pymysql://{DB_USER}:{DB_PASSWORD}@{DB_HOST}:{DB_PORT}/{DB_NAME}
This uses the PyMySQL driver for MySQL connectivity.
Set to False to disable Flask-SQLAlchemy’s event notification system, which adds unnecessary overhead and is not needed for most applications.

Security Considerations

Never commit sensitive credentials to version control. The .env file should be listed in .gitignore.

SECRET_KEY Generation

For production environments, generate a strong secret key: 
python -c "import secrets; print(secrets.token_hex(32))"
Add this to your .env file: 
SECRET_KEY=your_generated_secret_key_here

Security Best Practices

Use Strong Passwords

Database passwords should be complex and unique for each environment.

Rotate Secrets Regularly

Change SECRET_KEY and database credentials periodically.

Environment Isolation

Use different credentials for development, staging, and production.

Access Control

Restrict database access to only the application servers that need it.

Development vs Production Settings

Development Configuration

.env
FLASK_ENV=development
DB_HOST=localhost
DB_PORT=3306
DB_USER=dev_user
DB_PASSWORD=dev_password
DB_NAME=furniture_store_dev
# SECRET_KEY can be omitted in development
In development mode, Flask enables debug mode with automatic reloading and detailed error pages.

Production Configuration

.env
FLASK_ENV=production
DB_HOST=prod-db-server.example.com
DB_PORT=3306
DB_USER=prod_user
DB_PASSWORD=strong_secure_password_here
DB_NAME=furniture_store_prod
SECRET_KEY=your_generated_secret_key_here
Production requires:
  • A strong, randomly generated SECRET_KEY
  • Secure database credentials
  • HTTPS/TLS for all connections
  • Proper firewall and network security

Application Initialization

The configuration is loaded during application creation in app/__init__.py:
app/__init__.py
from flask import Flask
from config import Config
from .extensions import csrf, db, migrate

def create_app():
    app = Flask(__name__)
    
    # Load configuration from Config class
    app.config.from_object(Config)
    
    # Initialize extensions
    db.init_app(app)
    migrate.init_app(app, db)
    csrf.init_app(app)
    
    return app

Verifying Configuration

You can verify your configuration is loaded correctly by running the application: 
python run.py
The run.py script includes a database connection test:
run.py
from app import create_app
from app.extensions import db

app = create_app()

with app.app_context():
    try:
        connection = db.engine.connect()
        print("Database connection successful!")
        connection.close()
    except Exception as e:
        print(f"Database connection failed: {e}")
If the configuration is correct, you should see “Database connection successful!” when running the application.

Next Steps

Database Configuration

Learn about MySQL connection setup and SQLAlchemy configuration

Migrations

Set up and manage database migrations with Flask-Migrate

Build docs developers (and LLMs) love

Get started for freeTalk to us