Skip to main content

Django Secret Key

Description#

General#

Revoke the secret#

To revoke the key, a new secret needs to be generated. All sessions or cookies signed with the key will be invalided.

Check for suspicious activity#

Django doesn't provide a way to check for suspicious activity.

Details for Secret key in django config#

  • Family: Other

  • Category: Other

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 700.38

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions: []  banlist_filenames:  - advanced-django2019/  - basic_django/  - codingtest  - course  - demo/  - dev.*\.py$  - django-simple-select/  - django_blog/  - example/  - example\.py$  - examples/  - exercise  - gettingstarted/  - local\.py$  - shop_projectws9/  - test/  - test\.py$  - trydjango/  - tutorial/  - tutorialdjango/  check_binaries: false  include_default_banlist_extensions: true  ban_markup: true- type: ContentWhitelistPreValidator  patterns:  - django- type: ContentWhitelistPreValidator  patterns:  - django_secret  - secret_key

Examples#

- text: |    +SECRET_KEY = os.environ.get('DJANGO_SECRET_KEY','wwf*2#86t64!fgh6yav$aoeuo@u2o@fy&*gg76q!&%4i_tbouau')  filename: settings.py  apikey: "wwf*2#86t64!fgh6yav$aoeuo@u2o@fy&*gg76q!&%4i_tbouau"- text: |    +SECRET_KEY = os.environ.get('DJANGO_SECRET_KEY','wwf*2#86t64!fgh6yav$aoeuo@u2o@fy&*gg76q!&%4i_tbouau')  filename: django_env.py  apikey: "wwf*2#86t64!fgh6yav$aoeuo@u2o@fy&*gg76q!&%4i_tbouau"