How to generate a new application.secret in Play 2.x

S

6

9

Apparently Play 1.x had a command 'play secret' that would create a new application.secret, but I don't see an equivalent command in Play 2.x. It is recommended to change the key when moving from development to production, so I need to find a way to make a new key for that.

Soho answered 24/9, 2013 at 18:19 Comment(0)

E

20

You are right. I think this feature is not yet implemented in 2.x version. I am afraid the only way to do is to create a new project. Each new project will generate a new secret key. And then copy only the newly generated key.

I think this issue was raised for your problem: https://github.com/n8han/giter8/issues/42 referenced in https://groups.google.com/forum/#!topic/play-framework/aMyM_fDglSs

Good luck.

EDIT 2020-01-23:

It would appear that they went back to camel-case, so on current versions of Play w/ SBT it should be

sbt playGenerateSecret

EDIT 2015-05-11:

As noted by @myk this is now implemented in the sbt plugin, you need to run:

sbt play-generate-secret

or

sbt play-update-secret

Edit 2015-07-02

Using activator:

activator playGenerateSecret

Epode answered 24/9, 2013 at 20:31 Comment(2)

Can we just invent a secret? – Borgia 19/2, 2014 at 10:53

Can you update this answer? The answer below shows that this has been implemented in the sbt plugin. – Motet 4/5, 2015 at 23:1

S

6

This is how you can do it in Scala console:

$ scala

scala> val r = new java.security.SecureRandom
r: java.security.SecureRandom = java.security.SecureRandom@b4ca6f6

scala> (1 to 64).map(_=>(r.nextInt(74)+48).toChar).mkString.replaceAll("\\\\+", "/")
res4: String = cCU`liU?i^R3f:Tk3ekG9a0^hjtwADUi@X2OtjAqKG`vv/>dk@cq_QOnu47WQ<0_

Your secret is key now is:

cCU`liU?i^R3f:Tk3ekG9a0^hjtwADUi@X2OtjAqKG`vv/>dk@cq_QOnu47WQ<0_

Salable answered 8/7, 2014 at 13:10 Comment(0)

C

5

run

sbt play-generate-secret

or

sbt play-update-secret

if you want to update an existing secret in application.conf

More info here https://www.playframework.com/documentation/2.3.2/ApplicationSecret

Chromogen answered 6/4, 2015 at 14:45 Comment(0)

H

3

in play 2.4 use

activator playGenerateSecret

Hoehne answered 20/8, 2015 at 11:14 Comment(0)

P

2

As mentioned by adis, you can just create a random string and it doesn't even matter if it's longer. Use uuidgen twice to get better entropy than by typing it:

application.secret="44786442-c4a6-49b7-a8cc-c44c09c5471d-6b55adcc-efeb-4f6b-b997-b222f3877119"

works here without problems.

Paternalism answered 24/9, 2013 at 18:19 Comment(0)

M

1

Play 2.6 requires

sbt playGenerateSecret

command

Melonymelos answered 31/7, 2018 at 19:45 Comment(0)

Recommended topics

Hot tags