The Maths Society Platform uses environment variables for configuration. All configuration is loaded from a .env file in your project root using python-dotenv.

Core Settings

SECRET_KEY
string
required
Secret key for session encryption and CSRF protection.
Required in production. Use a strong, randomly generated value. Never commit this to version control.
If not set, the application will generate a random key using os.urandom(24), but this will change on every restart.
Example:
SECRET_KEY=your-very-secret-random-key-here

Environment Detection

The platform supports multiple ways to indicate the running environment. Any of these variables can be used:
FLASK_ENV
string
default:"development"
Flask environment mode.
Options:
  • development - Development mode with debug enabled
  • testing - Testing mode with in-memory database
  • production - Production mode with security hardening
Example:
FLASK_ENV=production
APP_ENVIRONMENT
string
default:"development"
Alternative environment indicator. Use if your deployment platform sets this instead of FLASK_ENV.
Options: development, testing, production
Example:
APP_ENVIRONMENT=production
ENV
string
default:"dev"
Short-form environment indicator.
Options:
  • dev - Development
  • prod - Production
Example:
ENV=prod
The application is considered to be in production mode if any of these conditions are met:
  • FLASK_ENV=production
  • APP_ENVIRONMENT=production
  • ENV=prod
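
A startup check built on the rule above, as an added example that is not the platform's own code: it applies the any-of production test to a mapping of variables and rejects a missing, placeholder or short SECRET_KEY before the random-key fallback can take effect. The exact string comparison, the 32-character minimum and all function names are assumptions.

```python
import os
import secrets

# Placeholder values shown in this page's examples; never valid in production.
PLACEHOLDER_KEYS = {
    "your-very-secret-random-key-here",
    "your-super-secret-key-change-this-in-production",
}
MIN_KEY_LENGTH = 32  # assumption: minimum accepted length, not a project setting


def is_production(env):
    """Any-of rule from this page: one matching variable is enough."""
    return (
        env.get("FLASK_ENV") == "production"
        or env.get("APP_ENVIRONMENT") == "production"
        or env.get("ENV") == "prod"
    )


def check_secret_key(env):
    """Return a list of problems; an empty list means the key is acceptable."""
    if not is_production(env):
        return []
    key = env.get("SECRET_KEY", "")
    if not key:
        return ["SECRET_KEY is unset: a new random key would be used after every restart"]
    if key in PLACEHOLDER_KEYS:
        return ["SECRET_KEY is a documentation placeholder"]
    if len(key) < MIN_KEY_LENGTH:
        return [f"SECRET_KEY is shorter than {MIN_KEY_LENGTH} characters"]
    return []


def generate_secret_key():
    """Produce a value suitable for SECRET_KEY (64 hex characters)."""
    return secrets.token_hex(32)


if __name__ == "__main__":
    # Run before the application starts, e.g. as a container entrypoint step.
    issues = check_secret_key(os.environ)
    for issue in issues:
        print("config error:", issue)
    raise SystemExit(1 if issues else 0)
```

Because a single matching variable selects production mode, a leftover ENV=prod overrides FLASK_ENV=development, so the check evaluates all three variables together.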

Logging Configuration

LOG_TO_STDOUT
boolean
default:"false"
Enable logging to standard output instead of file-based logging.
Set to true when deploying to platforms that capture stdout (like Heroku, Docker, or Kubernetes).
Example:
LOG_TO_STDOUT=true
When false, logs are written to app.log in the project root.

File Upload Settings

UPLOAD_FOLDER
path
default:"app/static/uploads"
Directory for user-uploaded files (PDFs, images, etc.).
This is set automatically by the configuration class and typically doesn’t need to be overridden.
The default location is app/static/uploads relative to the project root.

Complete Example

Here’s a complete .env file example:
# Security
SECRET_KEY=your-super-secret-key-change-this-in-production

# Database (see Database Configuration page for details)
DATABASE_TYPE=postgresql
DB_USERNAME=postgres
DB_PASSWORD=your_password
DB_HOST=localhost
DB_NAME=mathsoc

# Environment
FLASK_ENV=development
APP_ENVIRONMENT=development
ENV=dev

# Logging
LOG_TO_STDOUT=false

Configuration Class Reference

The platform uses different configuration classes based on the environment:
| Environment | Debug | Database | CSP unsafe-eval | Rate Limiting | CSRF |
| --- | --- | --- | --- | --- | --- |
| Development | Enabled | PostgreSQL or SQLite | Allowed | Enabled | Enabled |
| Testing | Disabled | In-memory SQLite | Allowed | Disabled | Disabled |
| Production | Disabled | PostgreSQL (recommended) | Blocked | Enabled | Enabled |
In production mode:
  • Debug mode is disabled
  • HTTPS is enforced via Talisman
  • CSP unsafe-eval is blocked by default
  • Rate limiting is active
  • Strict security headers are applied

Next Steps

Database Configuration

Configure PostgreSQL or SQLite database connections

Security Settings

Learn about CSP, Talisman, and rate limiting configuration
