django-aesfield
Key should be easily read as string not in file
You should be able to set the key as a string and not a file, or at least, if it was null, use the SECRET_KEY.
We require key files by design. If you store your key as a string (in settings or elsewhere) then your attacker only has to compromise your source code. If you store your key in a file then your attacker has to compromise both your source code and your file system.
Although I agree with you, maybe using SECRET_KEY as a fallback is a good option.