Update the default value of SECRET_KEY to enable deployment checks

closes pulp#5529
lubosmj · Jul 2, 2024 · 618165c · 618165c
1 parent b2e4e22
commit 618165c
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 1 deletion.
diff --git a/CHANGES/5529.bugfix b/CHANGES/5529.bugfix
@@ -0,0 +1 @@
+Added a note about the default value of the `SECRET_KEY` setting.
diff --git a/pulpcore/app/checks.py b/pulpcore/app/checks.py
@@ -19,6 +19,21 @@ def content_origin_check(app_configs, **kwargs):
     return messages
 
 
+@register(deploy=True)
+def secret_key_check(app_configs, **kwargs):
+    messages = []
+    if getattr(settings, "SECRET_KEY", "SECRET") == "SECRET":
+        messages.append(
+            CheckError(
+                "SECRET_KEY is a required setting but it was not configured. It does not "
+                "come pre-configured by the installation and it should be set to a unique, "
+                "unpredictable value.",
+                id="pulpcore.E001",
+            )
+        )
+    return messages
+
+
 @register(deploy=True)
 def storage_paths(app_configs, **kwargs):
     warnings = []

diff --git a/pulpcore/app/settings.py b/pulpcore/app/settings.py
@@ -61,7 +61,8 @@
 # List of upload handler classes to be applied in order.
 FILE_UPLOAD_HANDLERS = ("pulpcore.app.files.HashingFileUploadHandler",)
 
-SECRET_KEY = True
+# SECURITY WARNING: this should be set to a unique, unpredictable value
+SECRET_KEY = "SECRET"
 
 # Key used to encrypt fields in the database
 DB_ENCRYPTION_KEY = "/etc/pulp/certs/database_fields.symmetric.key"
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Added a note about the default value of the `SECRET_KEY` setting.