Effects of changing Django's SECRET_KEY

Backend, unresolved, 5 answers, 1152 views
我在风中等你 2020-12-12 09:24

I made a mistake and committed my Django project's SECRET_KEY into a public repository.

This key should have been kept secret according to the docs htt

5 answers
  •  一整个雨季
    2020-12-12 10:01

    The SECRET_KEY string is primarily used for encrypting and/or hashing cookie data. A lot of frameworks (including Django) come to this since default session cookies have their own drawbacks.

    Imagine that you have a form in Django for editing articles with a hidden field. In this hidden field is stored the ID of the article you are editing. And if you want to be sure that no one can send you any other article ID, you will add an extra hidden field with the hashed ID. So if someone changes the ID, you will know it because the hash won't be the same.

    Of course this is a trivial example, but this is how the SECRET_KEY is used.

    Django is internally using it, for example, for {% csrf_token %} and a few more things. It really shouldn't have any impact on your application if you change it, based on your question and the fact that you aren't using it.

    The only thing is that maybe the session values will be dropped. So, for example, users will have to log in to the admin again, because Django won't be able to decode the session with a different key.
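The hidden-field scenario from the answer above, as an added example that is not part of the original post and not Django's own signing code: a keyed HMAC over the article ID plays the role of the "hashed ID" field, and the same check shows both why a leaked key is dangerous (anyone holding it can forge a valid field) and why rotating it drops existing sessions (values signed under the old key no longer verify). The key strings and the `value:signature` format are assumptions for illustration; Django's real `django.core.signing` format differs.

```python
import hashlib
import hmac
import secrets

# Hypothetical keys for illustration only. In Django the key comes from settings.SECRET_KEY.
OLD_SECRET_KEY = "committed-to-a-public-repo"  # the leaked key: assume attackers have it
NEW_SECRET_KEY = secrets.token_urlsafe(50)     # a freshly generated replacement


def sign(value: str, key: str) -> str:
    """Return 'value:signature', where signature is HMAC-SHA256 over value keyed by key.

    Same idea as Django's signed hidden fields / session cookies: the server can
    later verify that it produced the value, without storing it anywhere.
    """
    mac = hmac.new(key.encode(), value.encode(), hashlib.sha256).hexdigest()
    return f"{value}:{mac}"


def unsign(signed: str, key: str):
    """Return the original value if the signature verifies under key, else None."""
    value, sep, mac = signed.rpartition(":")
    if not sep:
        return None
    expected = hmac.new(key.encode(), value.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so an attacker cannot learn the MAC byte by byte.
    if not hmac.compare_digest(mac, expected):
        return None
    return value


def tamper_without_key(signed: str, new_value: str) -> str:
    """What an attacker who does NOT know the key can do: swap the value, keep the old MAC."""
    _, _, mac = signed.rpartition(":")
    return f"{new_value}:{mac}"


def forge_with_leaked_key(new_value: str) -> str:
    """What an attacker who DOES know the leaked key can do: produce a fully valid field."""
    return sign(new_value, OLD_SECRET_KEY)


def hidden_field_checks():
    """Run the four cases the answer describes and return the server's decision for each."""
    field = sign("42", OLD_SECRET_KEY)  # server renders hidden field for article 42
    return {
        # 1. Honest round trip under the current key: accepted.
        "honest": unsign(field, OLD_SECRET_KEY),
        # 2. ID swapped to 7 without the key: hash no longer matches, rejected.
        "tampered": unsign(tamper_without_key(field, "7"), OLD_SECRET_KEY),
        # 3. ID 7 signed with the leaked key: indistinguishable from a real field, accepted.
        "forged_with_leak": unsign(forge_with_leaked_key("7"), OLD_SECRET_KEY),
        # 4. After rotating SECRET_KEY, the old field (and any old session) fails to decode.
        "after_rotation": unsign(field, NEW_SECRET_KEY),
    }


if __name__ == "__main__":
    for case, result in hidden_field_checks().items():
        print(f"{case:>18}: {'accepted, id=' + result if result else 'rejected'}")
```

Case 3 is the reason the leaked key must be rotated rather than left alone, and case 4 is the cost the answer mentions: every value signed under the old key, including logged-in admin sessions, is rejected once the key changes.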
