Effects of changing Django's SECRET_KEY

我在风中等你 2020-12-12 09:24

I made a mistake and committed my Django project's SECRET_KEY into a public repository.

This key should have been kept secret according to the docs htt

5 Answers
  •  萌比男神i
    2020-12-12 09:47

    According to this page https://docs.djangoproject.com/en/dev/topics/signing/, the SECRET_KEY is mostly used for transitory stuff -- signing data sent over the wire so you can detect tampering, for example. It looks like the things that COULD break are:

    • Signed cookies, e.g. "remember my auth on this computer" type values. In this case, the cookie will be invalidated, the signature will fail to verify and the user will have to re-authenticate.
    • For any users that have requested links for a password reset or a custom file download, those links will no longer be valid. The users would simply have to re-request those links.

    Someone with more recent and/or salient Django experience than me might chime in otherwise, but I suspect that unless you are explicitly doing something with the signing API, this should only create a mild inconvenience for your users.
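
The effect described in the answer above, as an added example that is not part of the original answer: a simplified standard-library model of HMAC-signed values (not Django's own signing code) showing what happens to already-issued tokens when the key changes. The keys are constructed samples, and the helper names `sign`, `unsign` and `demo` are hypothetical.

```python
import base64
import hashlib
import hmac
from typing import Optional, Sequence

# Constructed sample keys standing in for SECRET_KEY before and after rotation.
OLD_KEY = b"constructed-key-that-was-committed"
NEW_KEY = b"constructed-replacement-key"


def _mac(key: bytes, value: str) -> str:
    """URL-safe base64 HMAC-SHA256 of value under key."""
    digest = hmac.new(key, value.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def sign(key: bytes, value: str) -> str:
    """Return 'value:signature', the shape of a signed cookie or reset link."""
    return f"{value}:{_mac(key, value)}"


def unsign(keys: Sequence[bytes], token: str) -> Optional[str]:
    """Return the value if any accepted key verifies the signature, else None."""
    value, sep, sig = token.rpartition(":")
    if not sep:
        return None  # no signature part at all
    for key in keys:
        if hmac.compare_digest(sig.encode(), _mac(key, value).encode()):
            return value
    return None


def demo() -> dict:
    issued = sign(OLD_KEY, "user=42")  # handed out before the key change
    fresh = sign(NEW_KEY, "user=42")   # re-issued after the key change
    altered = "user=43:" + fresh.rpartition(":")[2]  # value edited, old signature
    return {
        "old_token_old_key": unsign([OLD_KEY], issued),
        "old_token_new_key": unsign([NEW_KEY], issued),
        "new_token_new_key": unsign([NEW_KEY], fresh),
        "altered_token": unsign([NEW_KEY], altered),
        # Still accepting the committed key keeps old tokens valid.
        "old_token_both_keys": unsign([NEW_KEY, OLD_KEY], issued),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```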
