From 1264c458ae808d306aa03c51f70103e52dca107b Mon Sep 17 00:00:00 2001
From: Armin Ronacher <armin.ronacher@active-4.com>
Date: Wed, 26 May 2010 15:19:08 +0200
Subject: [PATCH] Document ways to generate secret keys.  This fixes #47.

---
 docs/quickstart.rst | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/docs/quickstart.rst b/docs/quickstart.rst
index cb887251..a2cbb8b5 100644
--- a/docs/quickstart.rst
+++ b/docs/quickstart.rst
@@ -659,6 +659,19 @@ sessions work::
 The here mentioned :func:`~flask.escape` does escaping for you if you are
 not using the template engine (like in this example).
 
+.. admonition:: How to generate good Secret Keys
+
+   The problem with random is that it's hard to judge what random is.  And
+   a secret key should be as random as possible.  Your operating system
+   has ways to generate pretty random stuff based on a cryptographical
+   random generator which can be used to get such a key:
+
+   >>> import os
+   >>> os.urandom(24)
+   '\xfd{H\xe5<\x95\xf9\xe3\x96.5\xd1\x01O<!\xd5\xa2\xa0\x9fR"\xa1\xa8'
+
+   Just take that thing and copy/paste it into your code and you're done.
+
 Message Flashing
 ----------------