clean up secret key docs

consistent key across docs and examples
consistent key across tests, set in conftest

docs/api.rst

@@ -103,12 +103,12 @@ Response Objects
 Sessions
 --------
 
-If you have the :attr:`Flask.secret_key` set you can use sessions in Flask
-applications.  A session basically makes it possible to remember
-information from one request to another.  The way Flask does this is by
-using a signed cookie.  So the user can look at the session contents, but
-not modify it unless they know the secret key, so make sure to set that
-to something complex and unguessable.
+If you have set :attr:`Flask.secret_key` (or configured it from
+:data:`SECRET_KEY`) you can use sessions in Flask applications. A session makes
+it possible to remember information from one request to another. The way Flask
+does this is by using a signed cookie. The user can look at the session
+contents, but can't modify it unless they know the secret key, so make sure to
+set that to something complex and unguessable.
 
 To access the current session you can use the :class:`session` object:
 

docs/config.rst

@@ -39,7 +39,7 @@ method::
 
     app.config.update(
         DEBUG=True,
-        SECRET_KEY='...'
+        SECRET_KEY=b'_5#y2L"F4Q8z\n\xec]/'
     )
 
 .. admonition:: Debug Mode with the ``flask`` Script
@@ -367,7 +367,7 @@ Here is an example of a configuration file::
 
     # Example configuration
     DEBUG = False
-    SECRET_KEY = '?\xbf,\xb4\x8d\xa3"<\x9c\xb0@\x0f5\xab,w\xee\x8d$0\x13\x8b83'
+    SECRET_KEY = b'_5#y2L"F4Q8z\n\xec]/'
 
 Make sure to load the configuration very early on, so that extensions have
 the ability to access the configuration when starting up.  There are other
@@ -385,7 +385,7 @@ from the environment.
 Environment variables can be set on Linux or OS X with the export command in
 the shell before starting the server::
 
-    $ export SECRET_KEY='?\xbf,\xb4\x8d\xa3"<\x9c\xb0@\x0f5\xab,w\xee\x8d$0\x13\x8b83'
+    $ export SECRET_KEY='5f352379324c22463451387a0aec5d2f'
     $ export DEBUG=False
     $ python run-app.py
      * Running on http://127.0.0.1:5000/
@@ -393,7 +393,7 @@ the shell before starting the server::
 
 On Windows systems use the `set` builtin instead::
 
-    >set SECRET_KEY='?\xbf,\xb4\x8d\xa3"<\x9c\xb0@\x0f5\xab,w\xee\x8d$0\x13\x8b83'
+    >set SECRET_KEY='5f352379324c22463451387a0aec5d2f'
     >set DEBUG=False
 
 While this approach is straightforward to use, it is important to remember that

docs/patterns/flashing.rst

@@ -22,7 +22,7 @@ So here is a full example::
          request, url_for
 
     app = Flask(__name__)
-    app.secret_key = 'some_secret'
+    app.secret_key = b'_5#y2L"F4Q8z\n\xec]/'
 
     @app.route('/')
     def index():

docs/quickstart.rst

@@ -160,7 +160,7 @@ Screenshot of the debugger in action:
    :class: screenshot
    :alt: screenshot of debugger in action
 
-More information on using the debugger can be found in the `Werkzeug 
+More information on using the debugger can be found in the `Werkzeug
 documentation`_.
 
 .. _Werkzeug documentation: http://werkzeug.pocoo.org/docs/debug/#using-the-debugger
@@ -724,6 +724,9 @@ sessions work::
 
     app = Flask(__name__)
 
+    # Set the secret key to some random bytes. Keep this really secret!
+    app.secret_key = b'_5#y2L"F4Q8z\n\xec]/'
+
     @app.route('/')
     def index():
         if 'username' in session:
@@ -748,24 +751,18 @@ sessions work::
         session.pop('username', None)
         return redirect(url_for('index'))
 
-    # set the secret key.  keep this really secret:
-    app.secret_key = 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT'
-
 The :func:`~flask.escape` mentioned here does escaping for you if you are
 not using the template engine (as in this example).
 
 .. admonition:: How to generate good secret keys
 
-   The problem with random is that it's hard to judge what is truly random.  And
-   a secret key should be as random as possible.  Your operating system
-   has ways to generate pretty random stuff based on a cryptographic
-   random generator which can be used to get such a key::
+    A secret key should be as random as possible. Your operating system has
+    ways to generate pretty random data based on a cryptographic random
+    generator. Use the following command to quickly generate a value for
+    :attr:`Flask.secret_key` (or :data:`SECRET_KEY`)::
 
-       >>> import os
-       >>> os.urandom(24)
-       '\xfd{H\xe5<\x95\xf9\xe3\x96.5\xd1\x01O<!\xd5\xa2\xa0\x9fR"\xa1\xa8'
-
-       Just take that thing and copy/paste it into your code and you're done.
+        $ python -c 'import os; print(os.urandom(16))'
+        b'_5#y2L"F4Q8z\n\xec]/'
 
 A note on cookie-based sessions: Flask will take the values you put into the
 session object and serialize them into a cookie.  If you are finding some

docs/tutorial/setup.rst

@@ -33,12 +33,12 @@ initialize it with the config from the same file in :file:`flaskr.py`::
     app.config.from_object(__name__) # load config from this file , flaskr.py
 
     # Load default config and override config from an environment variable
-    app.config.update(dict(
+    app.config.update(
         DATABASE=os.path.join(app.root_path, 'flaskr.db'),
-        SECRET_KEY='development key',
+        SECRET_KEY=b'_5#y2L"F4Q8z\n\xec]/',
         USERNAME='admin',
         PASSWORD='default'
-    ))
+    )
     app.config.from_envvar('FLASKR_SETTINGS', silent=True)
 
 In the above code, the :class:`~flask.Config` object works similarly to a
@@ -77,7 +77,7 @@ method on the config object and provide it with an import name of a
 module.  Flask will then initialize the variable from that module.  Note
 that in all cases, only variable names that are uppercase are considered.
 
-The ``SECRET_KEY`` is needed to keep the client-side sessions secure.
+The :data:`SECRET_KEY` is needed to keep the client-side sessions secure.
 Choose that key wisely and as hard to guess and complex as possible.
 
 Lastly, add a method that allows for easy connections to the specified