Opened 5 years ago
Closed 5 years ago
#32451 closed New feature (duplicate)
Management command to securely generate a secret key
| Reported by: | Jake Howard | Owned by: | nobody |
|---|---|---|---|
| Component: | Core (Management commands) | Version: | 3.1 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Django's startproject command does generate a secret key for you in a secure way for your newly created Django project. But it's good practice to have a different key for each environment, whether that be development, staging or production. Therefore, there's a need to generate one after a project has been setup, when you're creating a new environment or starting a project from something other than startproject. The method used to generate (get_random_secret_key) seems to be undocumented, and yet its implementation details are rather important (the fact it's not just random.choice).
I recently wrote (https://github.com/RealOrangeOne/django-secret-key-generator) a web app to generate a SECRET_KEY in a similarly secure way (more secure than the other ones out there), but it'd be great to have a simple management command to securely generate a key (using the existing get_random_secret_key util) so it could be easily set in a project, and thus share the original implementation.
Does this (management command + documenting get_random_secret_key) sound like a good idea? I'm happy to submit a patch myself.
Change History (2)
comment:1 by , 5 years ago
| Component: | Uncategorized → Core (Management commands) |
|---|
comment:2 by , 5 years ago
| Resolution: | → duplicate |
|---|---|
| Status: | new → closed |
Duplicate of #24448.