get_random_secret_key not documented!?

76 views
Skip to first unread message

Sam

unread,
May 16, 2022, 8:09:36 AMMay 16
to Django developers (Contributions to Django itself)
In the DigitalOcean documentation I just found that they use
`from django.core.management.utils import get_random_secret_key`
to generate a new, unique secret key.

I didn't know that there was such a function.
and the get_random_secret_key function seems to be not documented so far.

Is this the recommended way to generate secret keys for Django apps?
If that's the case wouldn't it make sense to write a piece of documentation for that?

Kind regards,
Samuel✌

Fab

unread,
Jun 1, 2022, 5:22:15 AMJun 1
to Django developers (Contributions to Django itself)
There isn't a recommended way so you can generate it however you want. The function is used in the startproject command for convenience.

Adam Johnson

unread,
Jun 1, 2022, 5:28:50 AMJun 1
to Django developers (Contributions to Django itself)
Python's secrets module has token_hex and a short recipe for generating random strings: https://docs.python.org/3.10/library/secrets.html#recipes-and-best-practices . I don't think Django needs to provide a public function here. I would advise Digital Ocean to recommend the secrets module.

--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/b2018ec8-0cc0-475e-8ede-81f10c1e193bn%40googlegroups.com.

epokeins

unread,
Jun 1, 2022, 5:42:21 AMJun 1
to 'Adam Johnson' via Django developers (Contributions to Django itself)

Thank you.

I thought every function should be documented and nobody realized that this one is not.
But if that's not the case maybe one should at least point out to the Python best practice which your just mentioned Adam.

I didn't know that recipe one so far.
But shouldn't almost everyone create another secret key at least once (for production)?

Then it would be great to describe (or link to) a recommend way to do it in the Django Docs, from my point of view.

You received this message because you are subscribed to a topic in the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/django-developers/0nHdj8X_v6Y/unsubscribe.
To unsubscribe from this group and all its topics, send an email to django-develop...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAMyDDM2TiTctT9uEL1gvy%3DGo8NfoYmYBUsuOx0LtS5TGgAKdAg%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages