I am trying to set up Flask-Debugtoolbar, but I get the message "DebugToolBar requires a SECRET_KEY". Where do I get the secret key?
Description. Each Flask web application contains a secret key which used to sign session cookies for protection against cookie data tampering. It's very important that an attacker doesn't know the value of this secret key. Your application is using a weak/known secret key and Acunetix managed to guess this key.
Method 1: Use os
in Python 2/3:
>>> import os >>> os.urandom(12) '\xf0?a\x9a\\\xff\xd4;\x0c\xcbHi'
Method 2: Use uuid
in Python 2/3:
>>> import uuid >>> uuid.uuid4().hex '3d6f45a5fc12445dbac2f59c3b6c7cb1'
Method 3: Use secrets
in Python >= 3.6:
>>> import secrets >>> secrets.token_urlsafe(16) 'Drmhze6EPcv0fN_81Bj-nA' >>> secrets.token_hex(16) '8f42a73054b1749f8f58848be5e6502c'
Method 4: Use os
in Python 3:
>>> import os >>> os.urandom(12).hex() 'f3cfe9ed8fae309f02079dbf'
Method 1: Use app.secret_key
:
app.secret_key = 'the random string'
Method 2: Use app.config
:
app.config['SECRET_KEY'] = 'the random string'
Method 3: Put it in your config file:
SECRET_KEY = 'the random string'
Then load the config form config file:
app.config.from_pyfile('config.py') # if your config file's name is config.py
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With