SECRET_KEY created in /etc/passerelle/secret

config.py

@@ -13,7 +13,7 @@
 
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = '!!-Change-Me-Now-!!'
+SECRET_KEY = file('/etc/passerelle/secret').read()
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = False

postinst

@@ -17,6 +17,14 @@ case "$1" in
     chown passerelle:passerelle /var/log/passerelle
     chown passerelle:passerelle /var/lib/passerelle
     chown passerelle:passerelle /var/lib/passerelle/media
+    # create a secret file
+    SECRET_FILE=/etc/passerelle/secret
+    if [ ! -f $SECRET_FILE ]; then
+        echo -n "Generating Django secret..." >&2
+        cat /dev/urandom | tr -dc [:alnum:]-_\!\%\^:\; | head -c70 > $SECRET_FILE
+        chown root:passerelle $SECRET_FILE
+        chmod 0440 $SECRET_FILE
+    fi
     # populate /var/lib/passerelle/collected-static
     $MANAGE collectstatic --noinput --link
   ;;