#36782: Add management command for generating a Django SECRET_KEY
-------------------------------------+-------------------------------------
Reporter: joe-philip                 | Owner: joe-philip
Type: New feature                    | Status: assigned
Component: Core (Management commands) | Version: 6.0
Severity: Normal                     | Resolution:
Keywords:                            | Triage Stage: Unreviewed
Has patch: 0                         | Needs documentation: 0
Needs tests: 0                       | Patch needs improvement: 0
Easy pickings: 0                     | UI/UX: 0
-------------------------------------+-------------------------------------
Description changed by joe-philip:
Old description:
> ### **Summary**
>
> Django provides a utility function,
> `django.core.management.utils.get_random_secret_key()`, for generating
> cryptographically secure secret keys. However, Django does not currently
> offer a built-in `django-admin` or `manage.py` command to generate a new
> SECRET_KEY for production use.
>
> Developers frequently need to generate a proper secret key when:
>
> * deploying to production,
> * regenerating keys for CI/CD pipelines,
> * creating new environments,
> * or building automation scripts.
>
> Since Django encourages using a strong, unique secret key in production,
> providing a first-class management command improves the developer
> experience and aligns with Django's philosophy of offering batteries-
> included tools.
>
> ---
>
> ### **Proposed Feature**
>
> Introduce a new management command:
>
> ```
> python manage.py generate_secret_key
> ```
>
> This command would output a securely generated secret key using Django's
> existing function:
>
> ```python
> get_random_secret_key()
> ```
>
> ### **Example Output**
>
> ```
> g6v#s-!98=u&1xp$@1g&3s5)k5a(4l#1$g@)n#hjz9c4
> ```
>
> ---
>
> ### **Rationale**
>
> 1. **Consistency** – Django already provides the function but not an
> accessible command.
> 2. **Developer convenience** – Users currently rely on third-party
> snippets, shell scripts, or copy-paste from docs.
> 3. **Security** – Encourages developers to use Django’s own
> cryptographically strong generator rather than unsafe or custom-made
> solutions.
> 4. **Automation** – Useful for scripts, CI pipelines, container builds,
> and provisioning tools.
>
> ---
>
> ### **Proposed Implementation**
>
> A new command under:
>
> ```
> django/core/management/commands/generate_secret_key.py
> ```
>
> Example implementation:
>
> ```python
> from django.core.management.base import BaseCommand
> from django.core.management.utils import get_random_secret_key
>
> class Command(BaseCommand):
>     help = "Generate a new Django SECRET_KEY."
>
>     def handle(self, *args, **options):
>         # Write the key to the command's stdout so it can be piped or captured.
>         self.stdout.write(get_random_secret_key())
> ```
>
> ---
>
> ### **Documentation**
>
> Add a section to `docs/ref/django-admin.txt` describing the new command
> with usage examples.
>
> ---
>
> ### **Tests**
>
> A test would be added to ensure:
>
> * The command runs successfully.
> * The output is a string.
> * The generated key meets expected length and randomness criteria.
>
> Example:
>
> ```python
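> from io import StringIO
>
> from django.core.management import call_command
> from django.test import SimpleTestCase
>
> class GenerateSecretKeyTests(SimpleTestCase):
>     def test_generates_valid_key(self):
>         # call_command() returns handle()'s return value (None here), so read the key from captured stdout.
>         out = StringIO()
>         call_command('generate_secret_key', stdout=out)
>         key = out.getvalue().strip()
>         self.assertIsInstance(key, str)
>         self.assertGreater(len(key), 30)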
> ```
New description:
**Summary**

Django provides a utility function,
`django.core.management.utils.get_random_secret_key()`, for generating
cryptographically secure secret keys. However, Django does not currently
offer a built-in `django-admin` or `manage.py` command to generate a new
SECRET_KEY for production use.

Developers frequently need to generate a proper secret key when:

* deploying to production,
* regenerating keys for CI/CD pipelines,
* creating new environments,
* or building automation scripts.

Since Django encourages using a strong, unique secret key in production,
providing a first-class management command improves the developer
experience and aligns with Django's philosophy of offering
batteries-included tools.

---

**Proposed Feature**

Introduce a new management command:

```
python manage.py generate_secret_key
```

This command would output a securely generated secret key using Django's
existing function:

```python
get_random_secret_key()
```

**Example Output**

```
g6v#s-!98=u&1xp$@1g&3s5)k5a(4l#1$g@)n#hjz9c4
```

---

**Rationale**

1. **Consistency** – Django already provides the function but not an
   accessible command.
2. **Developer convenience** – Users currently rely on third-party
   snippets, shell scripts, or copy-paste from docs.
3. **Security** – Encourages developers to use Django’s own
   cryptographically strong generator rather than unsafe or custom-made
   solutions.
4. **Automation** – Useful for scripts, CI pipelines, container builds,
   and provisioning tools.

---

**Proposed Implementation**

A new command under:

```
django/core/management/commands/generate_secret_key.py
```

Example implementation:

```python
from django.core.management.base import BaseCommand
from django.core.management.utils import get_random_secret_key

class Command(BaseCommand):
    help = "Generate a new Django SECRET_KEY."

    def handle(self, *args, **options):
        # Write the key to the command's stdout so it can be piped or captured.
        self.stdout.write(get_random_secret_key())
```

---

**Documentation**

Add a section to `docs/ref/django-admin.txt` describing the new command
with usage examples.

---

**Tests**

A test would be added to ensure:

* The command runs successfully.
* The output is a string.
* The generated key meets expected length and randomness criteria.

Example:

```python
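from io import StringIO

from django.core.management import call_command
from django.test import SimpleTestCase

class GenerateSecretKeyTests(SimpleTestCase):
    def test_generates_valid_key(self):
        # call_command() returns handle()'s return value (None here), so read the key from captured stdout.
        out = StringIO()
        call_command('generate_secret_key', stdout=out)
        key = out.getvalue().strip()
        self.assertIsInstance(key, str)
        self.assertGreater(len(key), 30)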
```
--
Ticket URL: <https://code.djangoproject.com/ticket/36782#comment:2>
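
Added example, not part of the ticket or of Django's code: a standard-library check for the "length and randomness criteria" the Tests section mentions, using the alphabet and length of `get_random_secret_key()` and the thresholds of Django's `security.W009` deployment check. The names `generate_key`, `entropy_bits` and `key_problems` are assumptions made for this illustration.

```python
import math
import secrets

# Alphabet and length used by django.core.management.utils.get_random_secret_key()
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)"
KEY_LENGTH = 50

# Thresholds applied by Django's security.W009 deployment check
MIN_LENGTH = 50
MIN_UNIQUE_CHARS = 5
INSECURE_PREFIX = "django-insecure-"


def generate_key(length=KEY_LENGTH, alphabet=ALPHABET):
    """Stdlib stand-in (hypothetical helper): each character comes from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length=KEY_LENGTH, alphabet=ALPHABET):
    """Entropy of a uniformly drawn key: length * log2(alphabet size)."""
    return length * math.log2(len(set(alphabet)))


def key_problems(key):
    """Return the W009 criteria a key fails; an empty list means it passes."""
    problems = []
    if len(key) < MIN_LENGTH:
        problems.append("too short")
    if len(set(key)) < MIN_UNIQUE_CHARS:
        problems.append("too few unique characters")
    if key.startswith(INSECURE_PREFIX):
        problems.append("insecure prefix")
    return problems


# Sample inputs: constructed here, except the example output quoted from the ticket
SAMPLES = {
    "generated": generate_key(),
    "ticket example output": "g6v#s-!98=u&1xp$@1g&3s5)k5a(4l#1$g@)n#hjz9c4",
    "startproject-style default": INSECURE_PREFIX + generate_key(),
    "repeated character": "a" * 60,
}

if __name__ == "__main__":
    print(f"entropy of a generated key: {entropy_bits():.1f} bits")
    for name, key in SAMPLES.items():
        print(f"{name}: {key_problems(key) or 'ok'}")
```

A test that asserts `key_problems(key) == []` checks the same properties Django's deployment check enforces, which is stricter than a length-greater-than-30 assertion.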