How to Generate a Secret Key in Django

In this post, you’re going to learn about the Django secret key, what it is used for, and how to generate it for your Django project.

Table of Contents: Django Generate a Secret Key

What is a Django secret key?

To perform cryptographic signing, or to create hashes and tokens for sensitive information like csrf tokens, password reset tokens, etc, Django makes use of a salt stored in the SECRET KEY variable. Anyone with our SECRET KEY may create their own copies of our hashes and tokens. Consequently, keeping the SECRET KEY secure is crucial.

An initial SECRET KEY value is generated automatically in the settings.py file whenever a new Django project is created using the startproject command.

You may wish to generate and change the secret key for your Django project for a variety of reasons. One of the numerous reasons is if the SECRET KEY is made public.

In the next sections, you’ll learn how to generate a Django SECRET_KEY.

Generate Secret Key in Django Using get_random_secret_key() function

Django provides us a function called get_random_secret_key() to help us generate a secret key. This function gives back a string of 50 characters with random characters.

Using the get_random_secret_key() is the official way of generating a secret key in Django. In this post, we’ll generate a Django secret key in the Interactive shell then we will copy and paste it into the settings.py file.

Follow the steps below to generate a Django secret key:

  1. Access the Python Interactive Shell
  2. Import get_random_secret_key() from django.core.management.utils.
  3. Generate the Secret Key in the Terminal using the get_random_secret_key() function
  4. Copy and Paste the Key into your SECRET_KEY variable in the settings.py

Let’s get into detail for each of the steps:

Step 1: Access the Python Interactive Shell

To access the Python Interactive shell, run the following command in the terminal of your Django project:

(env) $ python manage.py shell

To show that you’re now in the shell, each new line of your terminal will be prefixed with >>> as you run the commands.

Step 2: Import the get_random_secret_key() function from django.core.management.utils.

We can access theget_random_secret_key() function is from django.core.management.utils therefore we first have to make an import statement from that package before we can generate the Django secret key. Run the following command and hit Enter.

>>> from django.core.management.utils import get_random_secret_key

Step 3: Generate the Secret Key in the Terminal using the get_random_secret_key() function

On the next line we can now use the function to generate the secret key as follows:

>>> print(get_random_secret_key())
gw^9ej(l4vq%d_06xig$vw+b(-@#00@8l7jlv77=sq5r_sf3nu

The Random secret key will be generated on the next line. Yours will be of course different from what’s shown above since it is random.

Step 4: Copy and Paste the Key into your SECRET_KEY variable in the settings.py

Now copy the Django secret key that has been generated and paste it into the SECRET_KEY variable in your settings.py file:

# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'dgw^9ej(l4vq%d_06xig$vw+b(-@#00@8l7jlv77=sq5r_sf3nu'

If you look closely, above the variable is a comment which says SECURITY WARNING: keep the secret key used in production secret!. To keep your SECRET_KEY secret, you have to use environment variables.

Generate Secret Key in Django Using Secret Key Generator

There are many tools on the internet that have been created to generate Django secret keys for you. The best one I’ve found is Djecrety. To use Djecrety, simply go to the homepage and click on the generate button and it will generate the secret key for you. Copy the Key and use it as your Django Secret key

Apart from providing the service of generating a Django secret key on the web. It also has a Django package you can use directly in your Django project.

How to Keep Your Secret Key Safe

In production, it is not a good idea to leave your Secret Key exposed in the settings.py file. This is because anyone can know it and use it for other malicious purposes. It’s also not a good idea to do the same when you’re uploading your Django project to Github. To hide your Django secret key, you have to utilize environment variables.

Stephen Mclin
Stephen Mclin

Hey, I'm Steve; I write about Python and Django as if I'm teaching myself. CodingGear is sort of like my learning notes, but for all of us. Hope you'll love the content!

Articles: 90