Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#24448 closed New feature (wontfix)

Add a management command to generate new SECRET_KEY

Reported by: Wim Feijen Owned by: nobody
Component: Uncategorized Version: dev
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no



My proposal is to add a command or command which generates a new SECRET_KEY in order to improve safety.

Sometimes I copy projects. I'd like to change the SECRET_KEY then. As far as I know, there is no (documented) way to generate a new SECRET_KEY, except for creating a new online project and copying that key.

Or I could implement a random function myself (which might be actually worse implemented then django's default key generation), or I could use the first Google hit to generate a key over an insecure connection. Both raise my safety concerns.

Change History (3)

comment:1 Changed 9 years ago by Wim Feijen

Easy pickings: set

comment:2 Changed 9 years ago by Tim Graham

Resolution: wontfix
Status: newclosed

I don't see this as something Django needs to provide. My understanding is that any random string is fine. There are online generators that use https. I'm averse to adding management commands for every little task as there are overheads for code, docs, and tests. If someone has stronger arguments, please reopen or use the DevelopersMailingList for discussion. Thanks!

comment:3 Changed 9 years ago by Tim Graham

Summary: generate new SECRET_KEY commandAdd a management command to generate new SECRET_KEY
Note: See TracTickets for help on using tickets.
Back to Top