{ "info": { "author": "Eralp Bayraktar", "author_email": "imeralpb@gmail.com", "bugtrack_url": null, "classifiers": [], "description": "================================\nDjango Rotate Secret Key\n================================\n\nHelps rotating your secret keys safely without losing user sessions, which means without logging users out.\n\nCompatible with modern Django versions. At the moment of writing that's including 1.11 and 2.0 on Python 3.7.\n\nI haven't found any library to allow us to do this on our production website, so I started the library.\n\nProblem\n============\nOnce you change the ``SECRET_KEY`` on production, all the old sessions and cookies are invalidated,\nusers are logged out and data in sessions are lost.\n\nThis is good if your ``SECRET_KEY`` is compromised!\nBut not good if you just want to rotate in a regular schedule for security purposes.\n\nThis library allows you to continue supporting old sessions signed with your old secret key,\nwhile rewriting them with the new secret key if the user comes to the website.\n\nSo optimal schedule would be\n\n- you decide to rotate your secret key\n- Install ``django-rotate-secret-key`` and configure\n- Support both keys for a limited time (x months)\n- Roll back ``django-rotate-secret-key`` and keep your secret key the same (removing the old one)\n\nIf a user comes back to the website after x months, his session will be invalidated.\nBut for all the regular users this should be seamless transition.\n\nCompatibility\n=============\n\nIf you are using JWT tokens created by ``django-rest-framework-jwt``, currently package is not compatible. But it will\nbe supported in version 1.0.\n\nGetting It\n============\n::\n\n $ pip install django-rotate-secret-key\n\nInstalling It\n==============\n\nThis is safe to do even before you decide to rotate your keys,\nit basically has no effect before you change the settings.::\n\n INSTALLED_APPS = (\n ...\n 'rotatesecretkey',\n ...\n )\n\nSettings\n============\n\nReplace AuthenticationMiddleware with RotateAuthenticationMiddleware::\n\n MIDDLEWARE = [\n ...\n # 'django.contrib.auth.middleware.AuthenticationMiddleware',\n 'rotatesecretkey.middleware.RotateAuthenticationMiddleware',\n ...\n ]\n\nReplace SESSION_ENGINE::\n\n SESSION_ENGINE = 'rotatesecretkey.sessions'\n\nAdd the old secret key into OLD_SECRET_KEY, and create a new ``SECRET_KEY``.::\n\n SECRET_KEY = 'NEWRANDOMKEY'\n OLD_SECRET_KEY = 'your_previous_secret_key_that_you_want_to_support'\n\nOnce these changes go live your website will decode old sessions with\nthe OLD_SECRET_KEY and resign them with the new ``SECRET_KEY``.\n\nAfter some time (like 1 or 2 months) you should roll these changes back and just keep the ``SECRET_KEY``.::\n\n SECRET_KEY = 'NEWRANDOMKEY'\n\nYou don't want to support ``OLD_SECRET_KEY`` forever but long enough to give your visitors a\nchance to visit the website and rewrite their sessions with the new key.\n\n", "description_content_type": "", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/EralpB/django-rotate-secret-key/", "keywords": "", "license": "MIT", "maintainer": "", "maintainer_email": "", "name": "django-rotate-secret-key", "package_url": "https://pypi.org/project/django-rotate-secret-key/", "platform": "", "project_url": "https://pypi.org/project/django-rotate-secret-key/", "project_urls": { "Homepage": "https://github.com/EralpB/django-rotate-secret-key/" }, "release_url": "https://pypi.org/project/django-rotate-secret-key/0.3/", "requires_dist": [ "Django (>=1.6)" ], "requires_python": "", "summary": "Rotate your Django secret", "version": "0.3" }, "last_serial": 4749822, "releases": { "0.1": [ { "comment_text": "", "digests": { "md5": "9d8475acc012386dfc9c76c8b1909982", "sha256": "86b83c59329dd235f9f47c7bd526c5f85aed9de51f7264a72ebdafa66917dfd0" }, "downloads": -1, "filename": "django_rotate_secret_key-0.1-py3-none-any.whl", "has_sig": false, "md5_digest": "9d8475acc012386dfc9c76c8b1909982", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 4094, "upload_time": "2019-01-24T10:33:42", "url": "https://files.pythonhosted.org/packages/33/09/ebcdab34dd5e0ef613eb6a823fc2af3a65dc7101893b5fa2e36cb67743d2/django_rotate_secret_key-0.1-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "f3d793962dbadecf5caccfa86f49236a", "sha256": "ec1740621e496f372ed079103c71ea8189b4e6cc8b8cf24512ec5801b34690c2" }, "downloads": -1, "filename": "django-rotate-secret-key-0.1.tar.gz", "has_sig": false, "md5_digest": "f3d793962dbadecf5caccfa86f49236a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 2667, "upload_time": "2019-01-24T10:33:44", "url": "https://files.pythonhosted.org/packages/62/83/8b8836a61c046d570e5db1153b84b2afb5b80b5a9b6634c2c65375d05ba4/django-rotate-secret-key-0.1.tar.gz" } ], "0.2": [ { "comment_text": "", "digests": { "md5": "5beec13b1c3cca6c488a959295ccb8c2", "sha256": "5d66254fe9ba5f7b29f4b4b7e206f48979059a975d283774d5c7ece172b3a64b" }, "downloads": -1, "filename": "django_rotate_secret_key-0.2-py2-none-any.whl", "has_sig": false, "md5_digest": "5beec13b1c3cca6c488a959295ccb8c2", "packagetype": "bdist_wheel", "python_version": "py2", "requires_python": null, "size": 4876, "upload_time": "2019-01-24T19:36:15", "url": "https://files.pythonhosted.org/packages/0f/43/f94b3c6fed58c5de76f4c9b1751d8f79925080a46ff564878f1742eefbd7/django_rotate_secret_key-0.2-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "47441ddb48c00fd2d78946cc3b9e6da3", "sha256": "042f17043f2c673ef310c2caf879601933a35f251af03ac3af7274fb0ef2e01b" }, "downloads": -1, "filename": "django_rotate_secret_key-0.2-py3-none-any.whl", "has_sig": false, "md5_digest": "47441ddb48c00fd2d78946cc3b9e6da3", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 5506, "upload_time": "2019-01-28T11:38:30", "url": "https://files.pythonhosted.org/packages/2b/69/e82b0e3e7311c2b63bb78ef7895bb19c583b8ed9866cbbc8dc4e6e173e54/django_rotate_secret_key-0.2-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "2cf6d4b71cd677fad72fc181d3038097", "sha256": "bdd2098d1d967adbc6b7d6667d00e12788ab7f85912ac2fff6bc678c55aad1ad" }, "downloads": -1, "filename": "django-rotate-secret-key-0.2.tar.gz", "has_sig": false, "md5_digest": "2cf6d4b71cd677fad72fc181d3038097", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 3982, "upload_time": "2019-01-24T19:36:16", "url": "https://files.pythonhosted.org/packages/ec/65/020b2acaf97241d43e1a70e3b2b696e3702965e2acb4100625942668eeeb/django-rotate-secret-key-0.2.tar.gz" } ], "0.3": [ { "comment_text": "", "digests": { "md5": "97be2f27b24441d300d980031c8e0e46", "sha256": "e1948aef8d9cb2d4731235d44e9af15765e9258b1e486c2f2faa0c2ff0484074" }, "downloads": -1, "filename": "django_rotate_secret_key-0.3-py3-none-any.whl", "has_sig": false, "md5_digest": "97be2f27b24441d300d980031c8e0e46", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 5510, "upload_time": "2019-01-28T11:38:31", "url": "https://files.pythonhosted.org/packages/de/3c/9515ce83cc5804607993e372410b2a1d8ddf57cea6eaa27ad275d9b92edb/django_rotate_secret_key-0.3-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "dd4b540a92add254680d6eceafceecba", "sha256": "9da44de619567a9a12364eca2cd007d61e74ad110ef04a5f87b56db122ff2749" }, "downloads": -1, "filename": "django-rotate-secret-key-0.3.tar.gz", "has_sig": false, "md5_digest": "dd4b540a92add254680d6eceafceecba", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 3916, "upload_time": "2019-01-28T11:39:20", "url": "https://files.pythonhosted.org/packages/d2/91/beb9a5aecb740546d020779ec14a8bbcf496072e4653800c03a719d21073/django-rotate-secret-key-0.3.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "97be2f27b24441d300d980031c8e0e46", "sha256": "e1948aef8d9cb2d4731235d44e9af15765e9258b1e486c2f2faa0c2ff0484074" }, "downloads": -1, "filename": "django_rotate_secret_key-0.3-py3-none-any.whl", "has_sig": false, "md5_digest": "97be2f27b24441d300d980031c8e0e46", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 5510, "upload_time": "2019-01-28T11:38:31", "url": "https://files.pythonhosted.org/packages/de/3c/9515ce83cc5804607993e372410b2a1d8ddf57cea6eaa27ad275d9b92edb/django_rotate_secret_key-0.3-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "dd4b540a92add254680d6eceafceecba", "sha256": "9da44de619567a9a12364eca2cd007d61e74ad110ef04a5f87b56db122ff2749" }, "downloads": -1, "filename": "django-rotate-secret-key-0.3.tar.gz", "has_sig": false, "md5_digest": "dd4b540a92add254680d6eceafceecba", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 3916, "upload_time": "2019-01-28T11:39:20", "url": "https://files.pythonhosted.org/packages/d2/91/beb9a5aecb740546d020779ec14a8bbcf496072e4653800c03a719d21073/django-rotate-secret-key-0.3.tar.gz" } ] }