From 199d19a7bf99440e7db0d13244dae56fc038fd4e Mon Sep 17 00:00:00 2001
From: PV Tejas <pvtejas@protonmail.com>
Date: Tue, 11 Jul 2023 10:04:58 +0000
Subject: [PATCH] Update README.md

---
 README.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/README.md b/README.md
index 419cfcb..c8e668f 100644
--- a/README.md
+++ b/README.md
@@ -9,3 +9,8 @@ Use `flask --app flaskr run` to run app. To update package, you will need to ins
 
 ## Initializing database
 The first time you install the app in each environment, you need to initialize database using `flask --app flaskr init-db`. This only needs to be run once per environment, and **will delete existing database if run again**.
+
+## Secret key
+Every website with login needs a secret key to hash passwords with.
+`<python_environment>/var/flaskr-instance/config.py` must contain a line `SECRET_KEY = '<secret_key>`, which must be randomly generated.  
+Suggested way of generating the key is `python -c 'import secrets; print(secrets.token_hex())'`, which returns a hexadecimal string with length 64. You may choose to randomly generate a key using a different method, but ensure that it is resistant to brute-force attacks.