Managing the Django SECRET_KEY variable
The Django SECRET_KEY
variable is very crucial to your Django application. The secret key must be a large random value and it must be kept secret. Leaking this value to unauthorized people could lead to a security breach. The SECRET_KEY is used in Django for cryptographic signing. It is used to generate tokens and hashes, they can be recreated using this variable. If it is not configured Django throws a django.core.exceptions.ImproperlyConfigured: The SECRET_KEY setting must not be empty
error
Using Environment Variables
The secret key should not be committed to version control. It is best practice to store the value in a .env file which is added to the .gitignore file to un-track its changes. The values can be loaded programmatically into your settings.py file.
Generating A New Secret Key
This solution is using Python's secrets lib on the back
from django.core.management.utils import get_random_secret_key
# print new random secret key
print(get_random_secret_key())
This code can be run in the terminal as a command:
python -c 'from django.core.management.utils import get_random_secret_key; \
print(get_random_secret_key())'
Alternatively, If you are using Python 3.6+ then you can use the secrets.token_hex(\[nbytes=None])
function:
python3 -c 'import secrets; print(secrets.token_hex(100))'
This article was originally published at: https://andwati.github.io/posts/generate-django-secret-key/