use secrets instead of os.urandom

2021-10-12 09:00:50 -04:00 · 2021-10-12 09:00:50 -04:00 · 58a08a1d73
commit 58a08a1d73
parent 8ddf80c3ea
3 changed files with 9 additions and 9 deletions
--- a/docs/config.rst
+++ b/docs/config.rst
@ -38,7 +38,7 @@ method::

    app.config.update(
        TESTING=True,
-        SECRET_KEY=b'_5#y2L"F4Q8z\n\xec]/'
+        SECRET_KEY='192b9bdd22ab9ed4d12e236c78afcb9a393ec15f71bbf5dc987d54727823bcbf'
    )


@ -180,8 +180,8 @@ The following configuration values are used internally by Flask:
    application. It should be a long random ``bytes`` or ``str``. For
    example, copy the output of this to your config::

-        $ python -c 'import os; print(os.urandom(16))'
-        b'_5#y2L"F4Q8z\n\xec]/'
+        $ python -c 'import secrets; print(secrets.token_hex()))'
+        '192b9bdd22ab9ed4d12e236c78afcb9a393ec15f71bbf5dc987d54727823bcbf'

    **Do not reveal the secret key when posting questions or committing code.**

@ -468,7 +468,7 @@ sure to use uppercase letters for your config keys.
 Here is an example of a configuration file::

    # Example configuration
-    SECRET_KEY = b'_5#y2L"F4Q8z\n\xec]/'
+    SECRET_KEY = '192b9bdd22ab9ed4d12e236c78afcb9a393ec15f71bbf5dc987d54727823bcbf'

 Make sure to load the configuration very early on, so that extensions have
 the ability to access the configuration when starting up.  There are other