Settings
FastAdmin is configured entirely through environment variables. Set them in
your shell, your process manager, or a .env file loaded with
python-dotenv.
Required settings
These have no defaults and must be set:
| Variable | Description |
|---|---|
| `ADMIN_USER_MODEL` | Name of the user db/orm model class used for authentication (e.g. `User`). |
| `ADMIN_USER_MODEL_USERNAME_FIELD` | Username field on the user model (e.g. `username` or `email`). |
| `ADMIN_SECRET_KEY` | Key used to sign session data. Keep it secret — anyone holding it can forge signed values. |

```bash
export ADMIN_USER_MODEL=User
export ADMIN_USER_MODEL_USERNAME_FIELD=username
export ADMIN_SECRET_KEY=secret_key
```

Optional settings
| Variable | Default | Description |
|---|---|---|
| `ADMIN_PREFIX` | `admin` | URL prefix the admin app is mounted under. |
| `ADMIN_SITE_NAME` | `FastAdmin` | Site name shown on the sign-in page and header. |
| `ADMIN_SITE_SIGN_IN_LOGO` | `/admin/static/images/sign-in-logo.svg` | Logo path on the sign-in page. |
| `ADMIN_SITE_HEADER_LOGO` | `/admin/static/images/header-logo.svg` | Logo path in the header. |
| `ADMIN_SITE_FAVICON` | `/admin/static/images/favicon.png` | Favicon path. |
| `ADMIN_PRIMARY_COLOR` | `#009485` | Primary UI color. |
| `ADMIN_SESSION_ID_KEY` | `admin_session_id` | Cookie key for the session id (HTTP-only). |
| `ADMIN_SESSION_EXPIRED_AT` | `144000` | Session lifetime in seconds. |
| `ADMIN_SESSION_COOKIE_SECURE` | `true` | Set the Secure flag so the session cookie is only sent over HTTPS. Set to `false` for local HTTP development. |
| `ADMIN_SESSION_COOKIE_SAMESITE` | `lax` | SameSite policy for the session cookie (`lax`, `strict` or `none`). `lax`/`strict` mitigate CSRF. |
| `ADMIN_QUERY_MAX_LIMIT` | `1000` | Hard upper bound on rows returned by a single list/export request (caps a `limit=100000000` DoS). |
| `ADMIN_DATE_FORMAT` | `YYYY-MM-DD` | Date format for JS widgets. |
| `ADMIN_DATETIME_FORMAT` | `YYYY-MM-DD HH:mm` | Datetime format for JS widgets. |
| `ADMIN_TIME_FORMAT` | `HH:mm:ss` | Time format for JS widgets. |

The authoritative source is the Settings class:

```python
import os
from pathlib import Path

ROOT_DIR = Path(__file__).resolve().parent


class Settings:
    """Settings"""

    # This value is the prefix you used for mounting FastAdmin app for FastAPI.
    ADMIN_PREFIX: str = os.getenv("ADMIN_PREFIX", "admin")

    # This value is the site name on sign-in page and on header.
    ADMIN_SITE_NAME: str = os.getenv("ADMIN_SITE_NAME", "FastAdmin")

    # This value is the logo path on sign-in page.
    ADMIN_SITE_SIGN_IN_LOGO: str = os.getenv("ADMIN_SITE_SIGN_IN_LOGO", "/admin/static/images/sign-in-logo.svg")

    # This value is the logo path on header.
    ADMIN_SITE_HEADER_LOGO: str = os.getenv("ADMIN_SITE_HEADER_LOGO", "/admin/static/images/header-logo.svg")

    # This value is the favicon path.
    ADMIN_SITE_FAVICON: str = os.getenv("ADMIN_SITE_FAVICON", "/admin/static/images/favicon.png")

    # This value is the primary color for FastAdmin.
    ADMIN_PRIMARY_COLOR: str = os.getenv("ADMIN_PRIMARY_COLOR", "#009485")

    # This value is the session id key to store session id in http only cookies.
    ADMIN_SESSION_ID_KEY: str = os.getenv("ADMIN_SESSION_ID_KEY", "admin_session_id")

    # This value is the expired_at period (in sec) for session id.
    ADMIN_SESSION_EXPIRED_AT: int = int(os.getenv("ADMIN_SESSION_EXPIRED_AT", 144000))  # in sec

    # Set the Secure flag on the session cookie so it is only sent over HTTPS.
    # Enabled by default; set ADMIN_SESSION_COOKIE_SECURE=false for local HTTP dev.
    ADMIN_SESSION_COOKIE_SECURE: bool = os.getenv("ADMIN_SESSION_COOKIE_SECURE", "true").lower() != "false"

    # SameSite policy for the session cookie ("lax", "strict" or "none").
    # "lax" blocks the cross-site POST/PATCH/DELETE requests behind CSRF.
    ADMIN_SESSION_COOKIE_SAMESITE: str = os.getenv("ADMIN_SESSION_COOKIE_SAMESITE", "lax")

    # Hard upper bound on the number of rows a single list/export request may
    # return. Caps memory/CPU use from a crafted limit=100000000 request.
    ADMIN_QUERY_MAX_LIMIT: int = int(os.getenv("ADMIN_QUERY_MAX_LIMIT", 1000))

    # This value is the date format for JS widgets.
    ADMIN_DATE_FORMAT: str = os.getenv("ADMIN_DATE_FORMAT", "YYYY-MM-DD")

    # This value is the datetime format for JS widgets.
    ADMIN_DATETIME_FORMAT: str = os.getenv("ADMIN_DATETIME_FORMAT", "YYYY-MM-DD HH:mm")

    # This value is the time format for JS widgets.
    ADMIN_TIME_FORMAT: str = os.getenv("ADMIN_TIME_FORMAT", "HH:mm:ss")

    # This value is the name for User db/orm model class for authentication.
    ADMIN_USER_MODEL: str = os.getenv("ADMIN_USER_MODEL")

    # This value is the username field for User db/orm model for authentication.
    ADMIN_USER_MODEL_USERNAME_FIELD: str = os.getenv("ADMIN_USER_MODEL_USERNAME_FIELD")

    # This value is the key to securing signed data - it is vital you keep this secure,
    # or attackers could use it to generate their own signed values.
    ADMIN_SECRET_KEY: str = os.getenv("ADMIN_SECRET_KEY")


settings = Settings()
```
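
A pre-deployment check over these variables, added here as an example and not part of FastAdmin: the function name `audit_admin_env`, the 32-character minimum and the placeholder list are assumptions. It mirrors the parsing in the Settings class above, where only the literal `false` disables the Secure flag and the SameSite string is read without validation.

```python
import os

# Assumptions for this example, not FastAdmin behaviour:
MIN_SECRET_LEN = 32  # assumed minimum length for ADMIN_SECRET_KEY
PLACEHOLDER_SECRETS = {"secret_key", "secret", "changeme"}  # constructed list
REQUIRED = ("ADMIN_USER_MODEL", "ADMIN_USER_MODEL_USERNAME_FIELD", "ADMIN_SECRET_KEY")


def audit_admin_env(env):
    """Return a list of findings for a mapping of environment variables."""
    findings = []
    for name in REQUIRED:
        if not env.get(name):
            findings.append(f"{name}: required but not set")

    secret = env.get("ADMIN_SECRET_KEY", "")
    if secret and (secret.lower() in PLACEHOLDER_SECRETS or len(secret) < MIN_SECRET_LEN):
        findings.append("ADMIN_SECRET_KEY: placeholder or too short to resist guessing")

    # Same parsing as the Settings class: only the literal "false" disables Secure.
    secure = env.get("ADMIN_SESSION_COOKIE_SECURE", "true").lower() != "false"
    if not secure:
        findings.append("ADMIN_SESSION_COOKIE_SECURE: false, cookie is sent over plain HTTP")

    # The Settings class shown above reads this string as-is, so check it here.
    samesite = env.get("ADMIN_SESSION_COOKIE_SAMESITE", "lax").lower()
    if samesite not in ("lax", "strict", "none"):
        findings.append(f"ADMIN_SESSION_COOKIE_SAMESITE: unknown value {samesite!r}")
    elif samesite == "none":
        findings.append("ADMIN_SESSION_COOKIE_SAMESITE: none removes the CSRF mitigation")
        if not secure:
            findings.append("ADMIN_SESSION_COOKIE_SAMESITE: browsers reject none without Secure")

    for name, default in (("ADMIN_QUERY_MAX_LIMIT", 1000), ("ADMIN_SESSION_EXPIRED_AT", 144000)):
        raw = env.get(name, str(default))
        try:
            value = int(raw)
        except ValueError:
            findings.append(f"{name}: {raw!r} is not an integer, Settings would raise on import")
            continue
        if value <= 0:
            findings.append(f"{name}: {value} must be positive")
        elif value > default:
            findings.append(f"{name}: {value} exceeds the default {default}, confirm it is intended")
    return findings


if __name__ == "__main__":
    for line in audit_admin_env(os.environ):
        print(line)
```

Run against the `export` lines shown under Required settings, it reports one finding: `secret_key` is a placeholder, not a usable signing key.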