The SECRET_KEY is a secret value that helps keep your Django app safe. It protects important parts like user sessions and passwords.
SECRET_KEY = 'your-very-secret-string-here'SECRET_KEY private and never share it publicly.SECRET_KEY = 'django-insecure-4x!$#@randomstring1234567890'DEBUG = False ALLOWED_HOSTS = ['example.com']
CSRF_COOKIE_SECURE = True SESSION_COOKIE_SECURE = True
This example shows how to set the SECRET_KEY and important security settings in Django's settings.py. It prints part of the secret key (hiding most for safety) and shows other security options.
from django.conf import settings # Example settings.py snippet SECRET_KEY = 'django-insecure-abc123!@#secretkey' DEBUG = False ALLOWED_HOSTS = ['localhost', '127.0.0.1'] CSRF_COOKIE_SECURE = True SESSION_COOKIE_SECURE = True print(f"Secret key set: {SECRET_KEY[:10]}... (hidden for security)") print(f"Debug mode: {DEBUG}") print(f"Allowed hosts: {ALLOWED_HOSTS}") print(f"CSRF cookie secure: {CSRF_COOKIE_SECURE}") print(f"Session cookie secure: {SESSION_COOKIE_SECURE}")
Never commit your real SECRET_KEY to public code repositories.
Use environment variables or separate files to keep secrets safe.
Always set DEBUG = False in production to avoid leaking sensitive info.
The SECRET_KEY keeps your Django app secure by protecting data and sessions.
Keep it secret, long, and random.
Use other security settings like DEBUG, ALLOWED_HOSTS, and secure cookies to protect your app.