#24448 closed New feature (wontfix)
Add a management command to generate new SECRET_KEY
| Reported by: | Wim Feijen | Owned by: | nobody |
|---|---|---|---|
| Component: | Uncategorized | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | yes | UI/UX: | no |
Description
Hi,
My proposal is to add a django-admin.py command or manage.py command which generates a new SECRET_KEY in order to improve safety.
Sometimes I copy projects. I'd like to change the SECRET_KEY then. As far as I know, there is no (documented) way to generate a new SECRET_KEY, except for creating a new online project and copying that key.
Or I could implement a random function myself (which might be actually worse implemented then django's default key generation), or I could use the first Google hit to generate a key over an insecure connection. Both raise my safety concerns.
Change History (3)
comment:1 by , 9 years ago
| Easy pickings: | set |
|---|
comment:2 by , 9 years ago
| Resolution: | → wontfix |
|---|---|
| Status: | new → closed |
comment:3 by , 9 years ago
| Summary: | generate new SECRET_KEY command → Add a management command to generate new SECRET_KEY |
|---|
Note:
See TracTickets
for help on using tickets.
I don't see this as something Django needs to provide. My understanding is that any random string is fine. There are online generators that use https. I'm averse to adding management commands for every little task as there are overheads for code, docs, and tests. If someone has stronger arguments, please reopen or use the DevelopersMailingList for discussion. Thanks!