#36782: Add management command for generating a Django SECRET_KEY
-------------------------------------+-------------------------------------
     Reporter:  joe-philip           |                    Owner:  joe-
                                     |  philip
         Type:  New feature          |                   Status:  assigned
    Component:  Core (Management     |                  Version:  6.0
  commands)                          |
     Severity:  Normal               |               Resolution:
     Keywords:                       |             Triage Stage:
                                     |  Unreviewed
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Description changed by joe-philip:

Old description:

> **Summary**
>
> Django provides a utility function,
> `django.core.management.utils.get_random_secret_key()`, for generating
> cryptographically secure secret keys. However, Django does not currently
> offer a built-in `django-admin` or `manage.py` command to generate a new
> SECRET_KEY for production use.
>
> Developers frequently need to generate a proper secret key when:
>
> * deploying to production,
> * regenerating keys for CI/CD pipelines,
> * creating new environments,
> * or building automation scripts.
>
> Since Django encourages using a strong, unique secret key in production,
> providing a first-class management command improves the developer
> experience and aligns with Django's philosophy of offering batteries-
> included tools.
>
> ---
>
> **Proposed Feature**
>
> Introduce a new management command:
>
> ```
> python manage.py generate_secret_key
> ```
>
> This command would output a securely generated secret key using Django's
> existing function:
>
> ```python
> get_random_secret_key()
> ```
>
> **Example Output**
>
> ```
> g6v#s-!98=u&1xp$@1g&3s5)k5a(4l#1$g@)n#hjz9c4
> ```
>
> ---
>
> **Rationale**
>
> 1. **Consistency** – Django already provides the function but not an
> accessible command.
> 2. **Developer convenience** – Users currently rely on third-party
> snippets, shell scripts, or copy-paste from docs.
> 3. **Security** – Encourages developers to use Django’s own
> cryptographically strong generator rather than unsafe or custom-made
> solutions.
> 4. **Automation** – Useful for scripts, CI pipelines, container builds,
> and provisioning tools.
>
> ---
>
> **Proposed Implementation**
>
> A new command under:
>
> ```
> django/core/management/commands/generate_secret_key.py
> ```
>
> Example implementation:
>
> ```python
> from django.core.management.base import BaseCommand
> from django.core.management.utils import get_random_secret_key
>
> class Command(BaseCommand):
>     help = "Generate a new Django SECRET_KEY."
>
>     def handle(self, *args, **options):
>         self.stdout.write(get_random_secret_key())
> ```
>
> ---
>
> **Documentation**
>
> Add a section to `docs/ref/django-admin.txt` describing the new command
> with usage examples.
>
> ---
>
> **Tests**
>
> A test would be added to ensure:
>
> * The command runs successfully.
> * The output is a string.
> * The generated key meets expected length and randomness criteria.
>
> Example:
>
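> ```python
> from io import StringIO
>
> from django.core.management import call_command
> from django.test import SimpleTestCase
>
> class GenerateSecretKeyTests(SimpleTestCase):
>     def test_generates_valid_key(self):
>         # call_command() returns handle()'s return value (None here),
>         # so capture what the command writes to stdout instead.
>         out = StringIO()
>         call_command('generate_secret_key', stdout=out)
>         key = out.getvalue().strip()
>         self.assertIsInstance(key, str)
>         self.assertGreater(len(key), 30)
> ```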

New description:

 **Summary**

 Django provides a utility function,
 `django.core.management.utils.get_random_secret_key()`, for generating
 cryptographically secure secret keys. However, Django does not currently
 offer a built-in `django-admin` or `manage.py` command to generate a new
 SECRET_KEY for production use.

 Developers frequently need to generate a proper secret key when:

 * deploying to production,
 * regenerating keys for CI/CD pipelines,
 * creating new environments,
 * or building automation scripts.

 Since Django encourages using a strong, unique secret key in production,
 providing a first-class management command improves the developer
 experience and aligns with Django's philosophy of offering batteries-
 included tools.

 ---

 **Proposed Feature**

 Introduce a new management command:


 ``
 python manage.py generate_secret_key
 ``

 This command would output a securely generated secret key using Django's
 existing function:

 ```python
 get_random_secret_key()
 ```

 **Example Output**

 ```
 g6v#s-!98=u&1xp$@1g&3s5)k5a(4l#1$g@)n#hjz9c4
 ```

 ---

 **Rationale**

 1. **Consistency** – Django already provides the function but not an
 accessible command.
 2. **Developer convenience** – Users currently rely on third-party
 snippets, shell scripts, or copy-paste from docs.
 3. **Security** – Encourages developers to use Django’s own
 cryptographically strong generator rather than unsafe or custom-made
 solutions.
 4. **Automation** – Useful for scripts, CI pipelines, container builds,
 and provisioning tools.

 ---

 **Proposed Implementation**

 A new command under:

 ```
 django/core/management/commands/generate_secret_key.py
 ```

 Example implementation:

 ```python
 from django.core.management.base import BaseCommand
 from django.core.management.utils import get_random_secret_key

 class Command(BaseCommand):
     help = "Generate a new Django SECRET_KEY."

     def handle(self, *args, **options):
         self.stdout.write(get_random_secret_key())
 ```

 ---

 **Documentation**

 Add a section to `docs/ref/django-admin.txt` describing the new command
 with usage examples.

 ---

 **Tests**

 A test would be added to ensure:

 * The command runs successfully.
 * The output is a string.
 * The generated key meets expected length and randomness criteria.

 Example:

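 ```python
 from io import StringIO

 from django.core.management import call_command
 from django.test import SimpleTestCase

 class GenerateSecretKeyTests(SimpleTestCase):
     def test_generates_valid_key(self):
         # call_command() returns handle()'s return value (None here),
         # so capture what the command writes to stdout instead.
         out = StringIO()
         call_command('generate_secret_key', stdout=out)
         key = out.getvalue().strip()
         self.assertIsInstance(key, str)
         self.assertGreater(len(key), 30)
 ```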

--
-- 
Ticket URL: <https://code.djangoproject.com/ticket/36782#comment:3>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
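
An added example, not part of the ticket or of Django's code: a standard-library sketch of what "expected length and randomness criteria" can mean for such a command, plus a way to hand the key to automation without echoing it into build logs. The alphabet and length mirror `get_random_secret_key()`, the thresholds follow Django's `security.W009` deployment check, and the function names and key-file path are hypothetical.

```python
import math
import os
import secrets

# Same alphabet and length that get_random_secret_key() uses.
CHARS = "abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)"
LENGTH = 50

# Thresholds applied by Django's security.W009 deployment check.
MIN_LENGTH = 50
MIN_UNIQUE_CHARS = 5
INSECURE_PREFIX = "django-insecure-"


def generate_key(length=LENGTH, chars=CHARS):
    """Draw each character from the OS CSPRNG via the secrets module."""
    return "".join(secrets.choice(chars) for _ in range(length))


def entropy_bits(length=LENGTH, chars=CHARS):
    """Upper bound on key entropy: length * log2(alphabet size)."""
    return length * math.log2(len(set(chars)))


def passes_w009(key):
    """True if the key would not trigger the security.W009 warning."""
    return (
        len(key) >= MIN_LENGTH
        and len(set(key)) >= MIN_UNIQUE_CHARS
        and not key.startswith(INSECURE_PREFIX)
    )


def write_key_file(path, key):
    """Create `path` with mode 0600 and refuse to overwrite an existing key.

    O_EXCL makes the create atomic, so rerunning a provisioning job cannot
    silently rotate the key and invalidate sessions and signed tokens.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(key + "\n")


if __name__ == "__main__":
    # Hypothetical path; the key itself is never printed.
    write_key_file("secret_key.txt", generate_key())
    print(f"wrote key with ~{entropy_bits():.0f} bits of entropy")
```
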
