We don't want any configuration details and sensitive data inside our main.py. This means replacing code like this:

app.config['SECRET_KEY'] = '8BYkEfBA6O6donzWlSihBXox7C0sKR6b'

with code that looks like this:

app.config['SECRET_KEY'] = os.environ.get('FLASK_KEY')

where "FLASK_KEY" is the name of your environment variable. We covered environment variables in day 35.

1. Import the os module.

import os

2. Use an environment variable everywhere you have a line that reads app.config['...']

For example the Flask configuration:

app.config['SECRET_KEY'] = '8BYkEfBA6O6donzWlSihBXox7C0sKR6b'

should read:

app.config['SECRET_KEY'] = os.environ.get('FLASK_KEY')

3. And the SQLAlchemy configuration

app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///posts.db'

should read:

app.config['SQLALCHEMY_DATABASE_URI'] = os.environ.get("DB_URI", "sqlite:///posts.db")

4. If you are using a working contact form, then make sure you get your email and password via an environment variable as well.

5. Finally, set your app.run(debug=True) to

if __name__ == "__main__":
    app.run(debug=False)