
Django Secret Key

Description

General

  • Summary: The Django secret key is used to provide cryptographic signing. This key is mostly used to sign session cookies. If one were to have this key, they would be able to modify the cookies sent by the application.

Revoke the secret

To revoke the key, a new secret needs to be generated. All sessions or cookies signed with the key will be invalidated.
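
The rotation described above, as an added example that is not part of the original page or of Django itself. `load_secret_key` is a hypothetical helper name, `sign` and `verify` are an HMAC-SHA256 stand-in for Django's own signing, and the alphabet and 50-character length are assumed to match Django's built-in key generator.

```python
import hashlib
import hmac
import secrets

# Assumed to match the alphabet and length of Django's own key generator.
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)"


def generate_secret_key(length=50):
    """Return a fresh random key drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def load_secret_key(environ, name="DJANGO_SECRET_KEY"):
    """Read the key from the environment and refuse to start without it.

    Unlike os.environ.get(name, '<literal>'), there is no in-code fallback
    that would end up committed to the repository.
    """
    key = environ.get(name, "")
    if len(key) < 50:
        raise RuntimeError(f"{name} is missing or too short")
    return key


def sign(value, key):
    """Stand-in signer (HMAC-SHA256), not Django's own signing format."""
    mac = hmac.new(key.encode(), value.encode(), hashlib.sha256).hexdigest()
    return f"{value}:{mac}"


def verify(signed, key):
    """Return the value if the MAC matches under `key`, else None."""
    value, _, mac = signed.rpartition(":")
    expected = hmac.new(key.encode(), value.encode(), hashlib.sha256).hexdigest()
    return value if hmac.compare_digest(mac, expected) else None


if __name__ == "__main__":
    old_env = {"DJANGO_SECRET_KEY": generate_secret_key()}  # constructed sample
    cookie = sign("sessionid=abc123", load_secret_key(old_env))
    new_env = {"DJANGO_SECRET_KEY": generate_secret_key()}  # rotated key
    print(verify(cookie, load_secret_key(old_env)))  # accepted under the old key
    print(verify(cookie, load_secret_key(new_env)))  # rejected after rotation
```

Deploy the new value through the environment or a secret manager only, so the replacement key never appears in a tracked settings file.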

Check for suspicious activity

Django doesn't provide a way to check for suspicious activity.

Details for Secret key in django config

  • Category: Development tool

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 700.38

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions:
  - ^(cs|x|p|s|r)?html5?~?$
  - ^[aps]?cssc?~?$
  - ^lock$
  - ^mdx?~?$
  - ^storyboard(c|er)?~?$
  - ^xib$
  banlist_filenames:
  - advanced-django2019/
  - basic_django/
  - codingtest
  - course
  - demo/
  - dev.*\.py$
  - django-simple-select/
  - django_blog/
  - example/
  - example\.py$
  - examples/
  - exercise
  - gettingstarted/
  - local\.py$
  - shop_projectws9/
  - test/
  - test\.py$
  - trydjango/
  - tutorial/
  - tutorialdjango/
  check_binaries: false
- type: ContentWhitelistPreValidator
  patterns:
  - django
- type: ContentWhitelistPreValidator
  patterns:
  - secret
  - key
  - token

Examples

- text: |
    +SECRET_KEY = os.environ.get('DJANGO_SECRET_KEY','wwf*2#86t64!fgh6yav$aoeuo@u2o@fy&*gg76q!&%4i_tbouau')
  filename: settings.py
  apikey: "wwf*2#86t64!fgh6yav$aoeuo@u2o@fy&*gg76q!&%4i_tbouau"
- text: |
    +SECRET_KEY = os.environ.get('DJANGO_SECRET_KEY','wwf*2#86t64!fgh6yav$aoeuo@u2o@fy&*gg76q!&%4i_tbouau')
  filename: django_env.py
  apikey: "wwf*2#86t64!fgh6yav$aoeuo@u2o@fy&*gg76q!&%4i_tbouau"