To keep your session information secure, you need a strong, cryptographically secure secret key. That key cannot be hard-coded in your source code, for two reasons. First, your QRadar app will be installed many different times, and each installation needs a different secret key. Second, it's best practice to keep credentials out of source code.

Python's os module has a handy function that leverages the randomness generator of the operating system you're running on.

We first must import the os module.

    import os

Then we'll update our application configuration. See the embedded comments for more explanation.


    #Set the secret key to a sufficiently random value

    #Set the session cookie to be secure

    #Set the session cookie for our app to a unique name

    #Set CSRF tokens to be valid for the duration of the session. This assumes you’re using WTF-CSRF protection


With this setup, you avoid the problem of having to store your secret key securely: it is regenerated each time your application is initialized.
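
One way to write the configuration that the comments above describe, as an added example rather than the original post's code, with a check of what regenerating the key means for existing sessions. Assumptions: `os.urandom` is the os function meant, the 32-byte key length, the app name `my_qradar_app`, the cookie naming scheme, and the `sign`/`verify` helpers, which are a simplified HMAC stand-in for Flask's own cookie signer.

```python
import hashlib
import hmac
import os


def build_session_config(app_name):
    """Flask / Flask-WTF settings for the four comments in the post."""
    return {
        # Assumption: os.urandom is the function meant; fresh on every start-up.
        "SECRET_KEY": os.urandom(32),
        # Only send the session cookie over HTTPS.
        "SESSION_COOKIE_SECURE": True,
        # Hypothetical naming scheme: one cookie name per app.
        "SESSION_COOKIE_NAME": "session_" + app_name,
        # None: CSRF tokens stay valid for the life of the session.
        "WTF_CSRF_TIME_LIMIT": None,
    }


def sign(secret_key, payload):
    """Simplified HMAC-SHA256 stand-in for Flask's session cookie signer."""
    return hmac.new(secret_key, payload, hashlib.sha256).hexdigest()


def verify(secret_key, payload, tag):
    return hmac.compare_digest(sign(secret_key, payload), tag)


def demo():
    """Sign under one start-up's key, then verify under a later one."""
    first_start = build_session_config("my_qradar_app")
    restart = build_session_config("my_qradar_app")
    cookie = b'{"user": "analyst"}'  # constructed sample session payload
    tag = sign(first_start["SECRET_KEY"], cookie)
    return {
        "valid_same_key": verify(first_start["SECRET_KEY"], cookie, tag),
        "valid_after_restart": verify(restart["SECRET_KEY"], cookie, tag),
    }


if __name__ == "__main__":
    print(demo())
    try:
        from flask import Flask  # applied only if Flask is installed
    except ImportError:
        Flask = None
    if Flask is not None:
        app = Flask(__name__)
        app.config.update(build_session_config("my_qradar_app"))
```

The second result is False: cookies signed before a restart no longer verify under the regenerated key, so existing sessions end when the app is re-initialized.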

For more information on what each config value does, you can check out the Flask docs and the WTF docs.

Questions? Head over to the QRadar AppDev forum.