Skip to content

Commit

Permalink
Merge pull request pallets#4301 from kkirsche/secret_key_via_secrets
Browse files Browse the repository at this point in the history
use secrets module for SECRET_KEY generation in docs
  • Loading branch information
davidism authored Oct 13, 2021
2 parents 8ddf80c + 58a08a1 commit c5ed6c5
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 9 deletions.
8 changes: 4 additions & 4 deletions docs/config.rst
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ method::

app.config.update(
TESTING=True,
SECRET_KEY=b'_5#y2L"F4Q8z\n\xec]/'
SECRET_KEY='192b9bdd22ab9ed4d12e236c78afcb9a393ec15f71bbf5dc987d54727823bcbf'
)


Expand Down Expand Up @@ -180,8 +180,8 @@ The following configuration values are used internally by Flask:
application. It should be a long random ``bytes`` or ``str``. For
example, copy the output of this to your config::

$ python -c 'import os; print(os.urandom(16))'
b'_5#y2L"F4Q8z\n\xec]/'
$ python -c 'import secrets; print(secrets.token_hex()))'
'192b9bdd22ab9ed4d12e236c78afcb9a393ec15f71bbf5dc987d54727823bcbf'

**Do not reveal the secret key when posting questions or committing code.**

Expand Down Expand Up @@ -468,7 +468,7 @@ sure to use uppercase letters for your config keys.
Here is an example of a configuration file::

# Example configuration
SECRET_KEY = b'_5#y2L"F4Q8z\n\xec]/'
SECRET_KEY = '192b9bdd22ab9ed4d12e236c78afcb9a393ec15f71bbf5dc987d54727823bcbf'

Make sure to load the configuration very early on, so that extensions have
the ability to access the configuration when starting up. There are other
Expand Down
4 changes: 2 additions & 2 deletions docs/quickstart.rst
Original file line number Diff line number Diff line change
Expand Up @@ -847,8 +847,8 @@ sessions work::
generator. Use the following command to quickly generate a value for
:attr:`Flask.secret_key` (or :data:`SECRET_KEY`)::

$ python -c 'import os; print(os.urandom(16))'
b'_5#y2L"F4Q8z\n\xec]/'
$ python -c 'import secrets; print(secrets.token_hex())'
'192b9bdd22ab9ed4d12e236c78afcb9a393ec15f71bbf5dc987d54727823bcbf'

A note on cookie-based sessions: Flask will take the values you put into the
session object and serialize them into a cookie. If you are finding some
Expand Down
6 changes: 3 additions & 3 deletions docs/tutorial/deploy.rst
Original file line number Diff line number Diff line change
Expand Up @@ -88,17 +88,17 @@ You can use the following command to output a random secret key:

.. code-block:: none
$ python -c 'import os; print(os.urandom(16))'
$ python -c 'import secrets; print(secrets.token_hex())'
b'_5#y2L"F4Q8z\n\xec]/'
'192b9bdd22ab9ed4d12e236c78afcb9a393ec15f71bbf5dc987d54727823bcbf'
Create the ``config.py`` file in the instance folder, which the factory
will read from if it exists. Copy the generated value into it.

.. code-block:: python
:caption: ``venv/var/flaskr-instance/config.py``
SECRET_KEY = b'_5#y2L"F4Q8z\n\xec]/'
SECRET_KEY = '192b9bdd22ab9ed4d12e236c78afcb9a393ec15f71bbf5dc987d54727823bcbf'
You can also set any other necessary configuration here, although
``SECRET_KEY`` is the only one needed for Flaskr.
Expand Down

0 comments on commit c5ed6c5

Please sign in to comment.