Django Secret Key
#
Description#
General- Documentation: https://docs.djangoproject.com/en/2.2/ref/settings/#std:setting-SECRET_KEY
- Summary: The Django secret key is used to provide cryptographic signing. This key is mostly used to sign session cookies. If one were to have this key, they would be able to modify the cookies sent by the application.
#
Revoke the secretTo revoke the key, a new secret needs to be generated. All sessions or cookies signed with the key will be invalided.
#
Check for suspicious activityDjango doesn't provide a way to check for suspicious activity.
Secret key in django config
#
Details for Family: Other
Category: Other
High recall: False
Validity check available: False
Minimum number of matches: 1
Occurrences found for one million commits: 700.38
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator banlist_extensions: [] banlist_filenames: - advanced-django2019/ - basic_django/ - codingtest - course - demo/ - dev.*\.py$ - django-simple-select/ - django_blog/ - example/ - example\.py$ - examples/ - exercise - gettingstarted/ - local\.py$ - shop_projectws9/ - test/ - test\.py$ - trydjango/ - tutorial/ - tutorialdjango/ check_binaries: false include_default_banlist_extensions: true ban_markup: true- type: ContentWhitelistPreValidator patterns: - django- type: ContentWhitelistPreValidator patterns: - django_secret - secret_key
#
Examples- text: | +SECRET_KEY = os.environ.get('DJANGO_SECRET_KEY','wwf*2#86t64!fgh6yav$aoeuo@u2o@fy&*gg76q!&%4i_tbouau') filename: settings.py apikey: "wwf*2#86t64!fgh6yav$aoeuo@u2o@fy&*gg76q!&%4i_tbouau"- text: | +SECRET_KEY = os.environ.get('DJANGO_SECRET_KEY','wwf*2#86t64!fgh6yav$aoeuo@u2o@fy&*gg76q!&%4i_tbouau') filename: django_env.py apikey: "wwf*2#86t64!fgh6yav$aoeuo@u2o@fy&*gg76q!&%4i_tbouau"