Remove static secret key

kisec · Jan 20, 2017 · 8e96a5b · 8e96a5b
1 parent 488a0bb
commit 8e96a5b
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/.gitignore b/.gitignore
@@ -82,4 +82,5 @@ yararules/testing.yar
 *.bak
 
 # DB
-voladmin
+voladmin
+secret_key.py
diff --git a/volgui/settings.py b/volgui/settings.py
@@ -11,6 +11,7 @@
 """
 
 import os
+from django.utils.crypto import get_random_string
 
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
@@ -20,7 +21,16 @@
 # See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = 'kek7(%1#&bk1b*g(c2uz9r4d5-5)2919u6#4g3dfx4gu!njewc'
+# Generate a new key if none exists
+# https://stackoverflow.com/questions/4664724/distributing-django-projects-with-unique-secret-keys
+
+try:
+    from secret_key import *
+except ImportError:
+    with open('secret_key.py', 'w') as out:
+        chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)'
+        out.write("SECRET_KEY = '{0}'".format(get_random_string(50, chars)))
+    from secret_key import *
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True