clarify how the SECRET_KEY is setup, we don't have a builtin (not secret) SECRET_KEY any more

2013-11-17 02:08:02 +01:00 · 2013-11-17 02:08:02 +01:00 · fe96c21592
commit fe96c21592
parent cb89967189
1 changed files with 11 additions and 2 deletions
--- a/docs/security.rst
+++ b/docs/security.rst
@ -161,5 +161,14 @@ For Django >=1.6 json will be the default rather than the less safe pickle forma
 Django's SECRET_KEY
 ===================

-Well, it needs to be secret, so don't just keep the value from our settings.py,
-but define a really secret one in your local_settings.py.
+Django's SECRET_KEY needs to be a long, random and secret string (it is
+usually set up by the administrator of the site).
+
+The builtin default settings will try to read SECRET_KEY from an environment
+variable of same name. If there is no such environment variable, the SECRET_KEY
+will be undefined.
+
+You can also define the SECRET_KEY in your local_settings.py.
+
+If you do not define a SECRET_KEY by one of these methods, the application
+will refuse to start and give you an error, that a SECRET_KEY is required.