id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
31890	Use keyring for setting SECRET_KEY.	Thomas Grainger	nobody	"managing the django SECRET_KEY for new projects is a bit of a pain and easy to end up either committing the SECRET_KEY to source control or copying a SECRET_KEY from a blog post.

Generating and storing a secret key in the system keyring adds some complexity, but it a much more sensible default

using some code like this:

{{{

from django.core.management.utils import get_random_secret_key

import keyring

def _get(settings_module):
    return keyring.get_password(settings_module, ""SECRET_KEY"")


def _create():
    password = get_random_secret_key()
    keyring.set_password(settings_module, ""SECRET_KEY"", password)
    return password


def get_or_create(settings_module):
    return _get(settings_module) or _create(settings_module)
}}}


it can be used explicitly in a settings module like:


{{{
SECRET_KEY = get_or_create(__name__)
}}}


or in the LazySettings like this

{{{

        elif name == 'SECRET_KEY' and not val:
            return get_or_create(self._wrapped.SETTINGS_MODULE)
            # raise ImproperlyConfigured(""The SECRET_KEY setting must not be empty."")

}}}


while this is mostly useful in development, it's also useful in production where you can plug a credential provider into keyring such as https://github.com/FindHotel/s3keyring"	New feature	closed	Core (Other)	3.1	Normal	wontfix			Unreviewed	0	0	0	0	0	0