To ensure that your session information is secure, you need a strong, cryptographically secure secret key. That secret key cannot be hard-coded in your source code, for two reasons. Since your QRadar app will be installed many different times, each installation needs a different secret key. Beyond that, it's best practice to keep credentials out of source code.

Python's os module has a handy function, os.urandom, that draws on the randomness generator of the operating system you're running on.

We first must import the os module.

import os

Then we'll update our application configuration. See the embedded comments for more explanation.

# app is your Flask application object
app.config.update(

    # Set the secret key to a sufficiently random value (24 bytes from the OS generator)
    SECRET_KEY=os.urandom(24),

    # Only send the session cookie over HTTPS
    SESSION_COOKIE_SECURE=True,

    # Set the session cookie for our app to a unique name
    SESSION_COOKIE_NAME='YourAppName-WebSession',

    # Make CSRF tokens valid for the duration of the session. This assumes you're using WTF-CSRF protection
    WTF_CSRF_TIME_LIMIT=None

)

With this set up you avoid the problem of storing your secret key securely: it is regenerated each time your application is initialized. Note that this also means any existing sessions become invalid whenever the application restarts, since the old key is gone.
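As an added example (not part of the original post), here is a small Python helper that builds the configuration above and audits a Flask-style config mapping for the weak settings this section warns against. It goes slightly beyond the page by also checking SESSION_COOKIE_HTTPONLY and SESSION_COOKIE_SAMESITE, two further Flask cookie settings; the function names and the WEAK_CONFIG sample are constructed for this example.

```python
import os

# Flask config keys the page discusses, plus two related cookie flags
# (SESSION_COOKIE_HTTPONLY / SESSION_COOKIE_SAMESITE) that Flask also honours.
MIN_SECRET_KEY_BYTES = 24  # matches the os.urandom(24) call used above


def session_config(app_name):
    """Build the session settings the way the page does: a fresh random key per start."""
    return {
        "SECRET_KEY": os.urandom(MIN_SECRET_KEY_BYTES),
        "SESSION_COOKIE_SECURE": True,
        "SESSION_COOKIE_HTTPONLY": True,
        "SESSION_COOKIE_SAMESITE": "Lax",
        "SESSION_COOKIE_NAME": f"{app_name}-WebSession",
        "WTF_CSRF_TIME_LIMIT": None,
    }


def audit_session_config(cfg):
    """Return findings for a Flask-style config mapping; an empty list means it passes."""
    findings = []
    key = cfg.get("SECRET_KEY")
    if not key:
        findings.append("SECRET_KEY is missing or empty")
    else:
        if isinstance(key, str):
            # A str key is almost always a literal pasted into source; os.urandom gives bytes
            findings.append("SECRET_KEY is a string literal; generate it with os.urandom instead")
        key_len = len(key.encode()) if isinstance(key, str) else len(key)
        if key_len < MIN_SECRET_KEY_BYTES:
            findings.append(f"SECRET_KEY is only {key_len} bytes; use at least {MIN_SECRET_KEY_BYTES}")
    if cfg.get("SESSION_COOKIE_SECURE") is not True:
        findings.append("SESSION_COOKIE_SECURE is not True; the cookie may be sent over plain HTTP")
    if cfg.get("SESSION_COOKIE_HTTPONLY", True) is not True:
        findings.append("SESSION_COOKIE_HTTPONLY is disabled; the cookie is readable from page scripts")
    if cfg.get("SESSION_COOKIE_SAMESITE") not in ("Lax", "Strict"):
        findings.append("SESSION_COOKIE_SAMESITE is not Lax or Strict")
    if cfg.get("SESSION_COOKIE_NAME", "session") == "session":
        findings.append("SESSION_COOKIE_NAME is Flask's default 'session'; give the app a unique name")
    return findings


# Constructed sample: the weak configuration a reviewer might find in a first draft.
WEAK_CONFIG = {"SECRET_KEY": "changeme", "SESSION_COOKIE_SECURE": False}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", session_config("YourAppName"))):
        print(name, audit_session_config(cfg) or "OK")
```

Because Flask's app.config is a dict subclass, you can pass it straight to audit_session_config at startup and refuse to serve if the list is non-empty.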

For more information on what each config value does, check out the Flask docs and the Flask-WTF docs:
http://flask.pocoo.org/docs/1.0/config/

https://flask-wtf.readthedocs.io/en/stable/config.html

Questions? Head over to the QRadar AppDev forum.