You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
app_environment is a server wide setting. Changing it while running server can lead to unpredictable results. For example, Changing from production to development won't cause the server to start showing debug errors since it requires server restart. Also, the APP_CONFIG environment variable controls the flask server mode and database app_environment controls the programmatic config settings, these 2 conflict and overlap without any single one completely overriding the other. Only APP_CONFIG should control the system wide setting of app mode, since you should definitely restart the server in order to change from development to production and vice versa. Hence, it should be removed from the db
Keeping the secret in DB is like leaving the key to the vault taped to its front with a label on it saying - "Hey, this is the key to the vault where all my valuables are stored. Have fun stealing them". secret is used in (potentially) cryptographic operations such as password hashing and encryption. We MAY not be using it now, but if in future, we encrypt the data we store and the database is compromised, the hackers will get the key to decrypt the data with it. I don't why it was thought as a good idea to store it in the DB. There is no use to be able to change secret through the frontend since it should never be changed once a server is deployed and ready to use. In fact, transfer from server to frontend and vice versa over insecure connection will leak it as well. It should only be configured through environment variables. Hence, remove from settings and make it a compulsory environment variable. Server should not start if the secret is not configured
