Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#24448 closed New feature (wontfix)

Add a management command to generate new SECRET_KEY

Reported by: Wim Feijen Owned by: nobody
Component: Uncategorized Version: dev
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no

Description

Hi,

My proposal is to add a django-admin.py command or manage.py command which generates a new SECRET_KEY in order to improve safety.

Sometimes I copy projects. I'd like to change the SECRET_KEY then. As far as I know, there is no (documented) way to generate a new SECRET_KEY, except for creating a new online project and copying that key.

Or I could implement a random function myself (which might be actually worse implemented then django's default key generation), or I could use the first Google hit to generate a key over an insecure connection. Both raise my safety concerns.

Change History (3)

comment:1 by Wim Feijen, 10 years ago

Easy pickings: set

comment:2 by Tim Graham, 10 years ago

Resolution: wontfix
Status: newclosed

I don't see this as something Django needs to provide. My understanding is that any random string is fine. There are online generators that use https. I'm averse to adding management commands for every little task as there are overheads for code, docs, and tests. If someone has stronger arguments, please reopen or use the DevelopersMailingList for discussion. Thanks!

comment:3 by Tim Graham, 10 years ago

Summary: generate new SECRET_KEY commandAdd a management command to generate new SECRET_KEY
Note: See TracTickets for help on using tickets.
Back to Top