Menu
I wrote an ansible-role for openwisp2 to ease its deployment, it's a series of django apps. To ease the deployment as much as possible, I wrote a simple (probably trivial) SECRET_KEY generator script which is called by ansible to generate the secret key the first time the ansible playbook is run.
Now, that works fine BUT I think it defeats the built-in security measures Django has in generating a strong key which is also very hard to guess.
At the time I looked at other ways of doing it but didn't find much, now I wonder: is there a function for generating settings.SECRET_KEY in django?
That would avoid this kind of home baked solutions that even though they work they are not effective when it comes to security.
264
Summary: The Django secret key is used to provide cryptographic signing. This key is mostly used to sign session cookies. If one were to have this key, they would be able to modify the cookies sent by the application.
SECRET_KEY has always 50 characters of length.
Note that this may not be safe to use for production, as S Ghosh is pointing out in a post below. But copy and paste this after running django-admin shell for example to quickly get a key.
from django.core.management.utils import get_random_secret_key get_random_secret_key() If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
