Merge pull request #148 from SchrodingersGat/secret-key

SECRET_KEY is now generated by a script and stored as a local file

.gitignore

@@ -30,7 +30,10 @@ local_settings.py
 # Local media storage (only when running in development mode)
 InvenTree/media
 
-# Ignore PyCharm project configuration
+# Key file
+secret_key.txt
+
+# Ignore python IDE project configuration
 .idea/
 
 # Coverage reports

InvenTree/InvenTree/settings.py

@@ -21,8 +21,9 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 # See https://docs.djangoproject.com/en/1.10/howto/deployment/checklist/
 
 # SECURITY WARNING: keep the secret key used in production secret!
-# TODO: remove this
-SECRET_KEY = 'oc2z%5)lu#jsxi#wpg)700z@v48)2aa_yn(a(3qg!z!fw&tr9f'
+key_file = open(os.path.join(BASE_DIR, 'secret_key.txt'), 'r')
+
+SECRET_KEY = key_file.read().strip()
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True

InvenTree/key.py

@@ -0,0 +1,24 @@
+# Generate a SECRET_KEY file
+
+import random
+import string
+import os
+
+fn = 'secret_key.txt'
+
+
+def generate_key():
+    options = string.digits + string.ascii_letters + string.punctuation
+    key = ''.join([random.choice(options) for i in range(50)])
+    return key
+
+
+if __name__ == '__main__':
+
+    # Ensure key file is placed in same directory as this script
+    path = os.path.dirname(os.path.realpath(__file__))
+    key_file = os.path.join(path, fn)
+
+    with open(key_file, 'w') as kf:
+        kf.write(generate_key())
+        print('Generated SECRET_KEY to {f}'.format(f=key_file))

Makefile

@@ -28,6 +28,9 @@ migrate:
 install:
 	# TODO: replace this with a proper setup.py
 	pip install -U -r requirements/base.txt
+	
+	# Generate a secret key
+	python InvenTree/key.py
 
 setup: install migrate