I've been following a Django course on YouTube and coding a local app. But when I commit to my repo on GitHub, I get a mail from GitGuardian that says that a Django secret key is exposed. I don't know anything about this; does this mean my account is at risk or something? I made the app just by following the steps from the course; it's just a local app that runs on my computer. Is there any harm to anything of mine (code, computer, ...)? I am very worried now. Here is the message I get in my mail from GitGuardian:
How serious this is depends on how serious the app in question is. From what you say about your app, it's not serious at all. See [this](https://stackoverflow.com/a/64213581/9267296) on how to prevent this in the future. Also, it's good that this happens while learning. – Edo Akse Apr 15 '22 at 17:06
1 Answer
The secret key is used for generating cryptographic keys in your application, like session cookies and password reset tokens. If someone has access to your secret key, they can generate their own hashes for your site. Here's a good rabbit hole to go down for more detailed information on the risks of exposing your secret key.

Nnaobi
So what can I do to fix this problem now? If I set my repo on GitHub to private, does that make me safe for now? – CtMarvelous Apr 16 '22 at 00:47
Setting it to private reduces the number of people who have access to your secret key. You can also have a `.env` file which is added to `.gitignore`, as suggested in the link by @edo akse in the comment above. To generate a new secret key, you can use the function located at `django.core.management.utils.get_random_secret_key()`. For more info on generating secret keys, look [here](https://stackoverflow.com/questions/41298963/is-there-a-function-for-generating-settings-secret-key-in-django). – Nnaobi Apr 16 '22 at 11:07
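
The steps from the comments above (generate a new key, keep it in a `.env` file, list `.env` in `.gitignore`), as an added example that is not code from the original posts. A new key is generated because the committed one remains in the repository history. The helper names `new_secret_key`, `rotate_key` and `load_secret_key` are hypothetical, and the fallback generator is an assumption for machines where Django is not installed.

```python
import os
import secrets
from pathlib import Path

# Same character set Django's get_random_secret_key() draws from.
CHARS = "abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)"


def new_secret_key(length=50):
    """Return a fresh random key; use Django's own generator when installed."""
    try:
        from django.core.management.utils import get_random_secret_key
        return get_random_secret_key()
    except ImportError:  # assumption: stdlib fallback when Django is absent
        return "".join(secrets.choice(CHARS) for _ in range(length))


def rotate_key(project_dir):
    """Write a new SECRET_KEY to .env and make sure git ignores that file."""
    project_dir = Path(project_dir)
    env_file = project_dir / ".env"
    old = env_file.read_text().splitlines() if env_file.exists() else []
    # Keep other settings already in .env; drop only the old SECRET_KEY line.
    kept = [line for line in old if not line.startswith("SECRET_KEY=")]
    key = new_secret_key()
    env_file.write_text("\n".join(kept + [f"SECRET_KEY={key}"]) + "\n")
    env_file.chmod(0o600)  # readable and writable by the owner only
    ignore = project_dir / ".gitignore"
    lines = ignore.read_text().splitlines() if ignore.exists() else []
    if ".env" not in lines:
        ignore.write_text("\n".join(lines + [".env"]) + "\n")
    return key


def load_secret_key(project_dir):
    """For settings.py: environment first, then .env, otherwise fail loudly."""
    if os.environ.get("SECRET_KEY"):
        return os.environ["SECRET_KEY"]
    env_file = Path(project_dir) / ".env"
    if env_file.exists():
        for line in env_file.read_text().splitlines():
            # Split at the first "=" only: the key itself may contain "=".
            name, _, value = line.partition("=")
            if name.strip() == "SECRET_KEY" and value:
                return value
    raise RuntimeError("SECRET_KEY is not set; refusing to start")
```

After running `rotate_key` once in the project directory, `settings.py` would replace the hard-coded string with `SECRET_KEY = load_secret_key(BASE_DIR)`.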