In this post, you’re going to learn about the Django secret key, what it is used for, and how to generate it for your Django project.
Table of Contents: Django Generate a Secret Key
- What is a Django secret key?
- Generate Secret Key in Django Using get_random_secret_key() function
- Step 1: Access the Python Interactive Shell
- Step 2: Import the get_random_secret_key() function from django.core.management.utils.
- Step 3: Generate the Secret Key in the Terminal using the get_random_secret_key() function
- Step 4: Copy and Paste the Key into your SECRET_KEY variable in the settings.py
- Generate Secret Key in Django Using Secret Key Generator
- How to Keep Your Secret Key Safe
What is a Django secret key?
To perform cryptographic signing, or to create hashes and tokens for sensitive information such as CSRF tokens and password reset tokens, Django uses the secret value stored in the SECRET_KEY setting. Anyone who has our SECRET_KEY can create their own copies of our hashes and tokens. Consequently, keeping the SECRET_KEY secure is crucial.
An initial SECRET_KEY value is generated automatically in the settings.py file whenever a new Django project is created using the startproject command.
You may wish to generate and change the secret key for your Django project for a variety of reasons. One such reason is that the SECRET_KEY has been made public.
In the next sections, you’ll learn how to generate a Django SECRET_KEY.
Generate Secret Key in Django Using get_random_secret_key() function
Django provides a function called get_random_secret_key() to help us generate a secret key. This function returns a string of 50 random characters.
get_random_secret_key() is the official way of generating a secret key in Django. In this post, we’ll generate a Django secret key in the interactive shell, then copy and paste it into the settings.py file.
Follow the steps below to generate a Django secret key:
- Access the Python Interactive Shell
- Generate the Secret Key in the Terminal using the get_random_secret_key() function
- Copy and Paste the Key into your SECRET_KEY variable in the settings.py
Let’s get into detail for each of the steps:
Step 1: Access the Python Interactive Shell
To access the Python Interactive shell, run the following command in the terminal of your Django project:
(env) $ python manage.py shell
To show that you’re now in the shell, each new line of your terminal will be prefixed with >>> as you run the commands.
Step 2: Import the get_random_secret_key() function from django.core.management.utils
The get_random_secret_key() function lives in django.core.management.utils, so we first have to import it from that module before we can generate the Django secret key. Run the following command and hit Enter.
>>> from django.core.management.utils import get_random_secret_key
Step 3: Generate the Secret Key in the Terminal using the get_random_secret_key() function
On the next line we can now use the function to generate the secret key as follows:
>>> print(get_random_secret_key())
gw^9ej(l4vq%d_06xig$vw+b(-@#00@8l7jlv77=sq5r_sf3nu
The random secret key is printed on the next line. Yours will of course be different from the one shown above, since it is random.
Step 4: Copy and Paste the Key into your SECRET_KEY variable in the settings.py
Now copy the Django secret key that has been generated and paste it into the SECRET_KEY variable in your settings.py file:
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'gw^9ej(l4vq%d_06xig$vw+b(-@#00@8l7jlv77=sq5r_sf3nu'
If you look closely, above the variable is a comment which says SECURITY WARNING: keep the secret key used in production secret!. To keep your SECRET_KEY secret, you have to use environment variables.
Generate Secret Key in Django Using Secret Key Generator
There are many tools on the internet that have been created to generate Django secret keys for you. The best one I’ve found is Djecrety. To use Djecrety, simply go to the homepage and click on the generate button, and it will generate the secret key for you. Copy the key and use it as your Django secret key.
Apart from providing the service of generating a Django secret key on the web, it also has a Django package you can use directly in your Django project.
How to Keep Your Secret Key Safe
In production, it is not a good idea to leave your secret key exposed in the settings.py file, because anyone who can read the file can see the key and use it for malicious purposes. For the same reason, it’s not a good idea to leave it there when you’re uploading your Django project to GitHub. To hide your Django secret key, you have to utilize environment variables.
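One way to read the key from an environment variable and refuse to start with a missing or weak one, as an added example that is not code from the original post or from Django itself. The variable name DJANGO_SECRET_KEY and the helper names are assumptions; the alphabet, length and thresholds mirror get_random_secret_key() and Django's deployment check security.W009.

```python
import os
import secrets

# Same alphabet and length Django's get_random_secret_key() uses.
KEY_CHARS = "abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)"
KEY_LENGTH = 50
# Prefix that startproject puts on its auto-generated development key
# (Django 3.2 and later).
INSECURE_PREFIX = "django-insecure-"
ENV_VAR = "DJANGO_SECRET_KEY"  # assumed name, pick your own


class SecretKeyError(RuntimeError):
    """Raised when the secret key is missing or too weak to deploy."""


def generate_secret_key():
    """Return a 50-character key drawn from the OS CSPRNG."""
    return "".join(secrets.choice(KEY_CHARS) for _ in range(KEY_LENGTH))


def load_secret_key(environ=os.environ):
    """Read the key from the environment and fail closed if it is unusable."""
    key = environ.get(ENV_VAR, "")
    if not key:
        raise SecretKeyError(f"{ENV_VAR} is not set")
    if key.startswith(INSECURE_PREFIX):
        raise SecretKeyError(f"{ENV_VAR} holds a development key")
    # Same thresholds as Django's deployment check security.W009.
    if len(key) < KEY_LENGTH or len(set(key)) < 5:
        raise SecretKeyError(f"{ENV_VAR} is too short or too repetitive")
    return key


if __name__ == "__main__":
    # Constructed environment for the demo; in settings.py you would write
    #     SECRET_KEY = load_secret_key()
    demo_env = {ENV_VAR: generate_secret_key()}
    print("loaded key of length", len(load_secret_key(demo_env)))
    for bad_env in ({}, {ENV_VAR: INSECURE_PREFIX + "x" * 50}, {ENV_VAR: "abc"}):
        try:
            load_secret_key(bad_env)
        except SecretKeyError as exc:
            print("rejected:", exc)
```

The error messages name the variable but never echo the key, so a failed start does not leak it into logs.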