hackions/recruitr

django SECRET KEY

Closed this issue · 7 comments

OK, there is no harm in changing the Django secret key until it runs in production, but what we can do is, this will generate a Secret Key for Django and we ask other people to generate their own key and paste it in their secret key settings before production, @sourabhtk37?

I am skeptical about a third-party tool. I am pretty sure there is something within Django to recreate the secret key, since it itself created the secret key using django-admin startproject. Else we will update the docs. I was thinking environment variables and generating a key with some command-line tool would be better (most people use keys like this).
The changes required for this in settings.py would be:

import os
SECRET_KEY = os.environ['SECRET_KEY']

here you go

from django.utils.crypto import get_random_string

chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)'
SECRET_KEY = get_random_string(50, chars)
print(SECRET_KEY)  # function-call form works on Python 2 and 3

this generates the secret key

Great. But how would we make this work? Can we add this in a .env file and export it as an environment variable without the user worrying too much?

This seems a nice way.

Yes, it's a nice way, but one thing is that if for whatever reason that try failed in production, bam, everything gone. Can we do something like it generates the key and deletes the file that generated the key after its use?
Don't want to keep its key creation mechanism hanging somewhere in the code.

Sure, I will write one shell script.

Also, one has to be very dumb to store the key in a file in production. No one does that. People dealing with servers have knowledge about this. Plus, putting a Django application in production, one should already be aware of all this.
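An added example, not code from this thread or from the project: one way to combine the ideas discussed above, generating the key with the standard library, writing it to an owner-only .env file for development, and having settings fail closed when the environment variable is missing or weak. The function names are hypothetical, and the 50-character / 5-unique-character thresholds are an assumption chosen to mirror Django's security.W009 deployment check.

```python
import os
import secrets

# Same 50-character alphabet as the snippet posted in the thread.
CHARS = "abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)"


def generate_secret_key(length=50):
    """Return a random key drawn from CHARS using the OS CSPRNG."""
    return "".join(secrets.choice(CHARS) for _ in range(length))


def write_env_file(path, key):
    """Write SECRET_KEY to a new file that only its owner can read.

    O_EXCL makes the call fail if the file already exists, so an existing
    key is never silently replaced (rotating it would invalidate sessions
    and signed tokens). CHARS has no single quote, so single-quoting the
    value is safe when the file is sourced by a POSIX shell.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write("SECRET_KEY='%s'\n" % key)


def load_secret_key(environ=os.environ):
    """For settings.py: fail closed, with no hard-coded fallback key."""
    key = environ.get("SECRET_KEY", "")
    if len(key) < 50 or len(set(key)) < 5:
        raise RuntimeError("SECRET_KEY is unset or too weak; refusing to start")
    return key


if __name__ == "__main__":
    # Development helper: create .env once, next to the project.
    write_env_file(".env", generate_secret_key())
    print("wrote .env (mode 0600)")
```

In settings.py this would be used as `SECRET_KEY = load_secret_key()`, so a missing variable stops startup with a clear message instead of falling back to a key committed in the repository.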