HumanSignal · bmartel · Aug 28, 2023 · Aug 24, 2023 · Aug 25, 2023 · Aug 25, 2023
diff --git a/deploy/requirements.txt b/deploy/requirements.txt
@@ -25,6 +25,7 @@ Django==3.2.20
 django-storages==1.12.3
 django_annoying==0.10.6
 django_debug_toolbar==3.2.1
+django-environ==0.10.0
 django_filter==2.4.0
 django_model_utils==4.1.1
 django_rq==2.5.1

diff --git a/label_studio/core/settings/base.py b/label_studio/core/settings/base.py
@@ -74,7 +74,7 @@
 if not logging.getLogger().hasHandlers():
     logging.basicConfig(level=logging.DEBUG, format='%(message)s')
 
-from label_studio.core.utils.io import get_data_dir
+from label_studio.core.utils.io import get_data_dir, generate_key_if_missing
 from label_studio.core.utils.params import get_bool_env, get_env, get_env_list_int
 
 logger = logging.getLogger(__name__)
@@ -105,7 +105,7 @@
 INTERNAL_PORT = '8080'
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = '$(fefwefwef13;LFK{P!)@#*!)kdsjfWF2l+i5e3t(8a1n'
+SECRET_KEY = generate_key_if_missing('SECRET_KEY')
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = get_bool_env('DEBUG', True)

diff --git a/label_studio/core/utils/io.py b/label_studio/core/utils/io.py
@@ -1,4 +1,5 @@
 """This file and its contents are licensed under the Apache License 2.0. Please see the included NOTICE for copyright information and LICENSE for a copy of the license.
+
 """
 import os
 import socket
@@ -16,6 +17,8 @@
 from tempfile import mkstemp, mkdtemp
 
 from django.conf import settings
+from django.core.management.utils import get_random_secret_key
+from label_studio.core.utils.params import env, env_file
 from appdirs import user_config_dir, user_data_dir, user_cache_dir
 
 # full path import results in unit test failures
@@ -208,3 +211,19 @@ def validate_upload_url(url, block_local_urls=True):
         if ipaddress.ip_address(ip) in ipaddress.ip_network(subnet):
             raise InvalidUploadUrlError
 
+def generate_key_if_missing(key):
+    value = env.str(key, "")
+
+    if value == "":
+        print(f'Warning: {key} not found in environment variables will generate a random key.')
+        value = get_random_secret_key()
+        try:
+            with open(env_file, 'a') as f:
+                f.write(f'\n{key}={value}\n')
+        except Exception as e:
+            print(f'Warning: failed to write {key} to .env file: {e}, new key will be regenerated on every server restart. If this key is used for signing, it will invalidate all existing sessions or tokens. Please set {key} in your environment variables to avoid this warning.')
+
+        os.environ[key] = value
+
+    return value
+
diff --git a/label_studio/core/utils/params.py b/label_studio/core/utils/params.py
@@ -1,7 +1,14 @@
 import os
+import environ
+
 from rest_framework.exceptions import ValidationError
 
 
+env = environ.Env()
+data_dir = os.environ.get('LABEL_STUDIO_DATA_DIR', os.path.join(os.path.dirname(__file__), '..', '..', '..', 'data'))
+env_file = os.path.join(data_dir, '.env')
+environ.Env.read_env(env_file)
+
 def cast_bool_from_str(value):
     if isinstance(value, str):
         if value.lower() in ['true', 'yes', 'on', '1']: