root
/
flask
mirror of https://github.com/pallets/flask.git
1
0
Fork 0
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Merge pull request #4301 from kkirsche/secret_key_via_secrets 

use secrets module for SECRET_KEY generation in docs
This commit is contained in:
David Lord 2021-10-13 08:39:29 -07:00 committed by GitHub
parent 8ddf80c3ea 58a08a1d73
commit c5ed6c5e77
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/config.rst
View File

@ -38,7 +38,7 @@ method::
app.config.update( app.config.update(
TESTING=True, TESTING=True,
SECRET_KEY=b'_5#y2L"F4Q8z\n\xec]/' SECRET_KEY='192b9bdd22ab9ed4d12e236c78afcb9a393ec15f71bbf5dc987d54727823bcbf'
) )
@ -180,8 +180,8 @@ The following configuration values are used internally by Flask:
application. It should be a long random ``bytes`` or ``str``. For application. It should be a long random ``bytes`` or ``str``. For
example, copy the output of this to your config:: example, copy the output of this to your config::
$ python -c 'import os; print(os.urandom(16))' $ python -c 'import secrets; print(secrets.token_hex()))'
b'_5#y2L"F4Q8z\n\xec]/' '192b9bdd22ab9ed4d12e236c78afcb9a393ec15f71bbf5dc987d54727823bcbf'
**Do not reveal the secret key when posting questions or committing code.** **Do not reveal the secret key when posting questions or committing code.**
@ -468,7 +468,7 @@ sure to use uppercase letters for your config keys.
Here is an example of a configuration file:: Here is an example of a configuration file::
# Example configuration # Example configuration
SECRET_KEY = b'_5#y2L"F4Q8z\n\xec]/' SECRET_KEY = '192b9bdd22ab9ed4d12e236c78afcb9a393ec15f71bbf5dc987d54727823bcbf'
Make sure to load the configuration very early on, so that extensions have Make sure to load the configuration very early on, so that extensions have
the ability to access the configuration when starting up. There are other the ability to access the configuration when starting up. There are other

4
docs/quickstart.rst
View File

@ -847,8 +847,8 @@ sessions work::
generator. Use the following command to quickly generate a value for generator. Use the following command to quickly generate a value for
:attr:`Flask.secret_key` (or :data:`SECRET_KEY`):: :attr:`Flask.secret_key` (or :data:`SECRET_KEY`)::
$ python -c 'import os; print(os.urandom(16))' $ python -c 'import secrets; print(secrets.token_hex())'
b'_5#y2L"F4Q8z\n\xec]/' '192b9bdd22ab9ed4d12e236c78afcb9a393ec15f71bbf5dc987d54727823bcbf'
A note on cookie-based sessions: Flask will take the values you put into the A note on cookie-based sessions: Flask will take the values you put into the
session object and serialize them into a cookie. If you are finding some session object and serialize them into a cookie. If you are finding some

6
docs/tutorial/deploy.rst
View File

@ -88,9 +88,9 @@ You can use the following command to output a random secret key:
.. code-block:: none .. code-block:: none
$ python -c 'import os; print(os.urandom(16))' $ python -c 'import secrets; print(secrets.token_hex())'
b'_5#y2L"F4Q8z\n\xec]/' '192b9bdd22ab9ed4d12e236c78afcb9a393ec15f71bbf5dc987d54727823bcbf'
Create the ``config.py`` file in the instance folder, which the factory Create the ``config.py`` file in the instance folder, which the factory
will read from if it exists. Copy the generated value into it. will read from if it exists. Copy the generated value into it.
@ -98,7 +98,7 @@ will read from if it exists. Copy the generated value into it.
.. code-block:: python .. code-block:: python
:caption: ``venv/var/flaskr-instance/config.py`` :caption: ``venv/var/flaskr-instance/config.py``
SECRET_KEY = b'_5#y2L"F4Q8z\n\xec]/' SECRET_KEY = '192b9bdd22ab9ed4d12e236c78afcb9a393ec15f71bbf5dc987d54727823bcbf'
You can also set any other necessary configuration here, although You can also set any other necessary configuration here, although
``SECRET_KEY`` is the only one needed for Flaskr. ``SECRET_KEY`` is the only one needed for Flaskr.