use secrets instead of os.urandom

flipcoder · Oct 13, 2021 · 58a08a1 · 58a08a1
1 parent 8ddf80c
commit 58a08a1
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 9 deletions.
diff --git a/docs/config.rst b/docs/config.rst
@@ -38,7 +38,7 @@ method::
 
     app.config.update(
         TESTING=True,
-        SECRET_KEY=b'_5#y2L"F4Q8z\n\xec]/'
+        SECRET_KEY='192b9bdd22ab9ed4d12e236c78afcb9a393ec15f71bbf5dc987d54727823bcbf'
     )
 
 
@@ -180,8 +180,8 @@ The following configuration values are used internally by Flask:
     application. It should be a long random ``bytes`` or ``str``. For
     example, copy the output of this to your config::
 
-        $ python -c 'import os; print(os.urandom(16))'
-        b'_5#y2L"F4Q8z\n\xec]/'
+        $ python -c 'import secrets; print(secrets.token_hex()))'
+        '192b9bdd22ab9ed4d12e236c78afcb9a393ec15f71bbf5dc987d54727823bcbf'
 
     **Do not reveal the secret key when posting questions or committing code.**
 
@@ -468,7 +468,7 @@ sure to use uppercase letters for your config keys.
 Here is an example of a configuration file::
 
     # Example configuration
-    SECRET_KEY = b'_5#y2L"F4Q8z\n\xec]/'
+    SECRET_KEY = '192b9bdd22ab9ed4d12e236c78afcb9a393ec15f71bbf5dc987d54727823bcbf'
 
 Make sure to load the configuration very early on, so that extensions have
 the ability to access the configuration when starting up.  There are other

diff --git a/docs/quickstart.rst b/docs/quickstart.rst
@@ -847,8 +847,8 @@ sessions work::
     generator. Use the following command to quickly generate a value for
     :attr:`Flask.secret_key` (or :data:`SECRET_KEY`)::
 
-        $ python -c 'import os; print(os.urandom(16))'
-        b'_5#y2L"F4Q8z\n\xec]/'
+        $ python -c 'import secrets; print(secrets.token_hex())'
+        '192b9bdd22ab9ed4d12e236c78afcb9a393ec15f71bbf5dc987d54727823bcbf'
 
 A note on cookie-based sessions: Flask will take the values you put into the
 session object and serialize them into a cookie.  If you are finding some

diff --git a/docs/tutorial/deploy.rst b/docs/tutorial/deploy.rst
@@ -88,17 +88,17 @@ You can use the following command to output a random secret key:
 
 .. code-block:: none
 
-    $ python -c 'import os; print(os.urandom(16))'
+    $ python -c 'import secrets; print(secrets.token_hex())'
 
-    b'_5#y2L"F4Q8z\n\xec]/'
+    '192b9bdd22ab9ed4d12e236c78afcb9a393ec15f71bbf5dc987d54727823bcbf'
 
 Create the ``config.py`` file in the instance folder, which the factory
 will read from if it exists. Copy the generated value into it.
 
 .. code-block:: python
     :caption: ``venv/var/flaskr-instance/config.py``
 
-    SECRET_KEY = b'_5#y2L"F4Q8z\n\xec]/'
+    SECRET_KEY = '192b9bdd22ab9ed4d12e236c78afcb9a393ec15f71bbf5dc987d54727823bcbf'
 
 You can also set any other necessary configuration here, although
 ``SECRET_KEY`` is the only one needed for Flaskr.