settings: Make sure the base settings doesn't use a hardcoded SECRET_KEY

Either use the randomly generated key or override this value in your own settings file.
ThreeSixtyGiving · Aug 24, 2021 · 3472688 · 3472688
1 parent 94cf545
commit 3472688
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/datastore/settings/settings.py b/datastore/settings/settings.py
@@ -11,8 +11,11 @@
 """
 
 import os
+
 import environ
 
+from django.utils.crypto import get_random_string
+
 env = environ.Env(  # set default values and casting
     # TODO could use $XDG_RUNTIME_DIR ?
     DATA_RUN_PID_FILE=(str, "/var/run/user/%s/datarun.pid" % os.getuid()),
@@ -26,8 +29,9 @@
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/2.2/howto/deployment/checklist/
 
-# SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = "uo!#)vsu)6@)-u1l#1yvaa2_@9*pb8+662jx-(u=0kw*1k8+(9"
+SECRET_KEY = get_random_string(50,
+                               "abcdefghijklmnopqrstuvwxyz0123456789!@#%^&*(-_=+")
+
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True