Should Flask-DebugToolbar really require the 'SECRET_KEY' config?

[dmalan]

Before proposing a PR, just wanted to check if this check in __init__.py:67 is strictly necessary?

        if not app.config.get('SECRET_KEY'):
            raise RuntimeError(
                "The Flask-DebugToolbar requires the 'SECRET_KEY' config "
                "var to be set")

In particular, when using Flask-Session with a non-cookie-based SESSION_TYPE, is SECRET_KEY still necessary? Would proposing a PR that removes the above altogether be reasonable, given that session itself already raises

RuntimeError: The session is unavailable because no secret key was set. Set the secret_key on the application to something unique and secret.

when SECRET_KEY isn't set?

[davidism]

SECRET_KEY is for anything that needs a secret key, not only the session. For example, the toolbar's SQLAlchemy panel uses it to sign sql queries for inspection later.