Heroku with Flask - Integrations

Heroku Flask

Heroku with Flask

In this tutorial we’ll show you how to integrate Dotenv Vault with a Flask app deployed to Heroku. This tutorial assumes you have already learned how to sync a .env file.

You can find a complete example repo here.

Install Flask

Install Flask and Gunicorn.

$ pip install flask

Create a app.py file.

# app.py
from flask import Flask

app = Flask(__name__)

def index():
  return "<p>Hello, World!</p>"


Create a wsgi.py file.

# wsgi.py
from app import app

if __name__ == '__main__':


Install dotenv-vault

Create your .env file.

# .env

Install dotenv-vault.

$ pip install python-dotenv-vault

Require dotenv-vault at the top of your code in app.py, and

# app.py
import os
from dotenv_vault import load_dotenv
from flask import Flask


app = Flask(__name__)

def index():
  hello = os.getenv("HELLO")
  return f"<p>Hello, {hello}!</p>"


Run the app. It should say ‘Hello Development’.

$ flask run

Great, let’s deploy that to Heroku.

Deploy to Heroku

Install gunicorn.

$ pip install flask gunicorn

Create a Procfile.

web: gunicorn --workers 4 --bind${PORT} wsgi:app

Create runtime.txt.


Freeze your requirements.txt.

$ pip freeze > requirements.txt

Set up your .gitignore file.

# .gitignore

Commit all your changes to git and create your app on Heroku.

$ git commit -am "Ready for Heroku"
$ heroku create
$ git push heroku

It will say ‘Hello, None!’.

Great. We’re ready build our encrypted .env.vault file and configure Dotenv Vault with heroku.

Build .env.vault

Set a production value for when we deploy. I set it to HELLO=Production. Run dotenv-vault open to edit production values.

$ npx dotenv-vault open production

Then build your localized encrypted .env.vault file.

$ npx dotenv-vault build

Great! Commit your .env.vault file to code and deploy it to heroku. It is safe and necessary to do so.


Lastly, set the DOTENV_KEY on Heroku.

Run npx dotenv-vault keys production to get your production decryption key.

$ npx dotenv-vault keys production
remote:   Listing .env.vault decryption keys... done

dotenv://:[email protected]/vault/.env.vault?environment=production

Visit your Heroku Project’s Settings > Reveal Config Vars > Environment Variables. Set DOTENV_KEY.

Commit and push

That’s it!

Commit those changes safely to code and deploy to Heroku.

When the app boots, it will recognize the DOTENV_KEY, decrypt the .env.vault file, and load the production environment variables to ENV. If a DOTENV_KEY is not set (like during development on your local machine) it will fall back to regular dotenv.

You’ll know things worked correctly if you see the message ‘Loading env from encrypted .env.vault’ in your heroku logs.