hackions / recruitr

Online Code Judging Tool
MIT License

django SECRET KEY #3

Closed nishutosh closed 7 years ago

nishutosh commented 7 years ago

Ok, there is no harm in changing the Django secret key until it runs in production, but what we can do is: this generates a secret key for Django, and we ask other people to generate their own key and paste it in their secret key settings before production, @sourabhtk37?

sourabhtk37 commented 7 years ago

I am skeptical about a third party tool. I am pretty sure there is something within Django to recreate the secret key, since it itself created the secret key using django-admin startproject. Else we will update the docs. I was thinking of environment variables, and generating a key with some command line tool would be better (most people use keys like this). The changes required for this in settings.py would be:

import os
SECRET_KEY = os.environ['SECRET_KEY']

nishutosh commented 7 years ago

here you go

from django.utils.crypto import get_random_string

# 50 characters drawn from this alphabet, matching the length of the key django-admin startproject writes
chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)'
SECRET_KEY = get_random_string(50, chars)
print(SECRET_KEY)

this generates the secret key

sourabhtk37 commented 7 years ago

Great. But how would we make this work? Can we add this in a .env file and export it as an environment variable without the user worrying too much?

sourabhtk37 commented 7 years ago

This seems a nice way.

nishutosh commented 7 years ago

Yes, it's a nice way, but one thing is that if for whatever reason that try failed in production, bam, everything gone. Can we do something like it generates the key and deletes the file that generated the key after its use? Don't want to keep its key creation mechanism hanging somewhere in the code.

sourabhtk37 commented 7 years ago

Sure, I will write one shell script.
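The approach the thread converges on (generate a key once, hand it to the app through the environment or a .env file, and never fall back silently if the variable is missing) as a worked example. This is added here and is not recruitr's code; the function names, the minimal .env parser and the ImproperlyConfigured stand-in are assumptions made so it runs without Django installed. It uses the standard library `secrets` module instead of `django.utils.crypto.get_random_string`, with the same character set and length as nishutosh's snippet above.

```python
# Added example, not the recruitr project's code. All names below are hypothetical.
import os
import secrets
from pathlib import Path

# Same alphabet and length as the get_random_string snippet in this thread.
SECRET_KEY_CHARS = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)'
SECRET_KEY_LENGTH = 50


def generate_secret_key(length=SECRET_KEY_LENGTH, chars=SECRET_KEY_CHARS):
    """Return a random key built with the CSPRNG-backed `secrets` module."""
    return ''.join(secrets.choice(chars) for _ in range(length))


def parse_dotenv(text):
    """Minimal KEY=VALUE parser for a .env file.

    Blank lines and '#' comments are skipped and one layer of matching quotes
    is stripped from the value. No variable expansion is performed, so a key
    containing '$' (as ours may) is taken literally.
    """
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        if '=' not in line:
            raise ValueError('malformed .env line: %r' % raw)
        key, _, value = line.partition('=')
        key, value = key.strip(), value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in ('"', "'"):
            value = value[1:-1]
        values[key] = value
    return values


def load_dotenv(path, environ=os.environ):
    """Export the pairs from `path` into `environ`.

    Variables that are already set win over the file, so an operator can
    override a checked-in development .env without editing it. A missing file
    is not an error: production is expected to set real environment variables.
    """
    p = Path(path)
    if not p.exists():
        return {}
    values = parse_dotenv(p.read_text())
    for key, value in values.items():
        environ.setdefault(key, value)
    return values


class ImproperlyConfigured(Exception):
    """Stand-in for django.core.exceptions.ImproperlyConfigured (assumption)."""


def get_secret_key(environ=os.environ, debug=False):
    """What settings.py should do with the variable.

    Take SECRET_KEY from the environment and refuse to start when it is
    missing or shorter than SECRET_KEY_LENGTH. Only in debug mode is a
    throwaway key generated, so a production process can never silently
    start with an empty or default key (the failure mode raised above).
    """
    key = environ.get('SECRET_KEY', '')
    if len(key) >= SECRET_KEY_LENGTH:
        return key
    if debug:
        return generate_secret_key()
    raise ImproperlyConfigured(
        'SECRET_KEY is missing or shorter than %d characters; export it '
        '(for example via a .env file) before starting the app.' % SECRET_KEY_LENGTH)


if __name__ == '__main__':
    # Print one fresh key to paste into the environment or a .env file.
    print(generate_secret_key())
```

In settings.py the call would be `SECRET_KEY = get_secret_key(debug=DEBUG)` after `load_dotenv(BASE_DIR / '.env')`; the generator itself never needs to live in the application, which addresses the concern about leaving the key creation mechanism in the code.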

sourabhtk37 commented 7 years ago

Also, one has to be very dumb to store the key in a file in production. No one does that. People dealing with servers have knowledge about this. Plus, putting a Django application in production, one should already be aware of all this.