Guide · June 1, 2025

Deploy a Flask App for Internal Company Use (Company Email Only)

How to deploy a Flask or FastAPI app so only @yourcompany.com employees can access it — without IT, without AWS, in 30 seconds.


You built a Flask (or FastAPI) app. It does something useful — it enriches leads, generates reports, talks to an internal API. You want your team to be able to use it from a URL, but only your company's employees.

Here are your options, ranked by how fast they actually work.

Option 1: Workshop (30 seconds)

Workshop is a CLI deploy tool built specifically for internal company apps. It hosts your Flask app on Cloudflare's edge, gates it behind company email auth, and gives you a URL you can paste in Slack.

npm install -g @getworkshop/cli
workshop login
cd your-flask-project
workshop init   # detects Python, asks for entry command
workshop deploy

When running workshop init, it will ask for your entry command. For Flask:

gunicorn app:app --bind 0.0.0.0:$PORT

For FastAPI:

uvicorn main:app --host 0.0.0.0 --port $PORT

Choose company domain access mode. Deploy. Done.

Option 2: Railway + roll your own auth (~2 hours)

Railway will host your Flask app without an AWS setup. But it's public by default. You'd need to add Flask-Login or integrate Google OAuth yourself, then add domain restriction logic. For a quick internal tool, this is usually 2-4 hours of work that defeats the purpose of vibe coding it in the first place.

Option 3: Fly.io + manual SSO

Fly.io is excellent for containerized Python apps. Same problem as Railway — it's public by default. You'd need Authelia or a similar auth proxy in front of it. Another hour of config you probably don't want to do.

Environment variables and secrets

Workshop proxies your environment variables securely. Set them from the dashboard or CLI:

workshop secret set OPENAI_API_KEY=sk-...
workshop secret set DATABASE_URL=postgresql://...

Your Flask app reads them via os.environ as normal. Keys never appear in the bundle or browser.

Scheduled Flask scripts

If your app is a cron job rather than a web server, use the cron field in workshop.config.json:

{
  "name": "my-report",
  "runtime": "python",
  "entry_cmd": "python generate_report.py",
  "cron": "0 8 * * 1-5"
}

This runs your script at 8am every weekday. Failure alerts go to your email.

Try Workshop

Deploy your internal app in 30 seconds.

Free for one app. No credit card required.

npm install -g @getworkshop/cli && workshop deploy

Get early access → getworkshop.io

Related

Deploy Your Claude Code App So Your Team Can Use It
Run workshop deploy and get a URL only your @company.com coworkers can open. No IT ticket, no Vercel enterprise plan. Free for one app.
How to Deploy a Vibe-Coded App Internally (Without Making It Public)
You built it with Claude Code or Cursor. Now your team needs to use it — without it being on the public internet. Here's the 30-second path.
Company Email Access Control for Internal Tools — Without Enterprise Plans
Getting company-email gating on an internal tool doesn't require Vercel Enterprise or Okta admin help. Here's the fast path.