# Django Insecure SECRET_KEY

- ID: django-insecure-secret-key
- Severity: CRITICAL
- CWE: Hardcoded Credentials (CWE-798)
- Languages: Python
- Frameworks: django

## Description

Detects a Django `SECRET_KEY` that is hardcoded, weak, or left at a default value. The `SECRET_KEY` is used for cryptographic signing, so it must be kept secret and set to a unique value in production.

## Remediation

Load `SECRET_KEY` from an environment variable instead of hardcoding it:

```python
import os

# Fail fast at startup if the key is missing rather than falling back to a literal.
SECRET_KEY = os.environ['DJANGO_SECRET_KEY']
```

Generate a strong key:

```shell
python -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())'
```

Learn more: https://shoulder.dev/learn/python/cwe-798/secret-key

## Related Rules

- **Docker Secrets and Security Best Practices** [CRITICAL]
- **Hardcoded Secrets in Source Code** [CRITICAL]
- **Hardcoded Secret in Environment Variable Fallback** [HIGH]
- **Hardcoded Credentials** [HIGH]
- **Hardcoded High-Entropy Secrets Detection** [CRITICAL]
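The three conditions this rule names (hardcoded, weak, default) can be checked statically against a settings module. The following is an added example written for this page, not the rule engine's own implementation; the `django-insecure-` prefix is the one Django's `startproject` emits, while the length and entropy thresholds are assumptions chosen here.

```python
"""Static check for insecure Django SECRET_KEY assignments in a settings module."""
import ast
import math
from collections import Counter
from typing import List, Optional

MIN_LENGTH = 50        # get_random_secret_key() yields 50 characters (assumed floor)
MIN_ENTROPY_BITS = 3.0  # bits per character; assumed threshold for "weak"


def _entropy_bits(s: str) -> float:
    """Shannon entropy of the string in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def _classify_literal(value: str) -> Optional[str]:
    """Describe why a literal key is insecure (every literal key is)."""
    if value.startswith("django-insecure-"):
        return "default key generated by startproject (django-insecure- prefix)"
    if len(value) < MIN_LENGTH:
        return f"key too short ({len(value)} chars, expected >= {MIN_LENGTH})"
    if _entropy_bits(value) < MIN_ENTROPY_BITS:
        return "low-entropy key (repeated or predictable characters)"
    return "hardcoded key (must be loaded from the environment instead)"


def _has_literal_fallback(call: ast.Call) -> bool:
    """os.environ.get('X', 'lit') / os.getenv('X', default='lit'): the fallback is a secret."""
    candidates = list(call.args[1:]) + [k.value for k in call.keywords]
    return any(isinstance(a, ast.Constant) and isinstance(a.value, str) for a in candidates)


def scan_settings(source: str) -> List[str]:
    """Return one finding per insecure SECRET_KEY assignment; [] if none."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Assign):
            continue
        if not any(isinstance(t, ast.Name) and t.id == "SECRET_KEY" for t in node.targets):
            continue
        v = node.value
        if isinstance(v, ast.Constant) and isinstance(v.value, str):
            findings.append(f"line {node.lineno}: {_classify_literal(v.value)}")
        elif isinstance(v, ast.Call) and _has_literal_fallback(v):
            findings.append(f"line {node.lineno}: hardcoded fallback secret in environment lookup")
        # os.environ['X'] is a Subscript with no literal: the remediated form, no finding
    return findings
```

Run it over a settings file with `scan_settings(open("settings.py").read())`; a clean result is an empty list.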