Make changes to explain secret key.

vmagelo · vmagelo · commit 1a39f10f8221 · 2023-03-28T11:36:51.000+02:00
diff --git a/articles/python/includes/python-web-app-managed-identity/connect-postgres-to-app-azure-portal-2.md b/articles/python/includes/python-web-app-managed-identity/connect-postgres-to-app-azure-portal-2.md
@@ -13,6 +13,7 @@ Create application settings:
     * *DBUSER* &rarr; Enter *webappuser*, the user you created for the managed identity in the previous article. The sample code constructs the correct Postgres username from `DBUSER` and `DBHOST`, so don't include the *@server* portion.
     * *STORAGE_ACCOUNT_NAME* &rarr; The name of the storage account, which the sample code combines with *blob.core.windows.net* to create the storage URL endpoint.
     * *STORAGE_CONTAINER_NAME* &rarr; The name of the container in the storage account, where photos are stored. For example, *photos*.
+    * *SECRET_KEY* &rarr; Enter a secret key for the app. This is used for example to encrypt the session cookie. You can generate a value with `python -c "import secrets; print(secrets.token_hex())"`.
 
 1. Confirm you have five settings with the correct values.
 
diff --git a/articles/python/includes/python-web-app-managed-identity/connect-postgres-to-app-cli.md b/articles/python/includes/python-web-app-managed-identity/connect-postgres-to-app-cli.md
@@ -37,4 +37,5 @@ az webapp config appsettings set `
 * *$DBNAME* &rarr; Enter *restaurant*, the name of the application database.
 * *$DBUSER* &rarr; Enter *webappuser*, the user you created for the managed identity in the previous article. The sample code constructs the correct Postgres username from `DBUSER` and `DBHOST`, so don't include the *@server* portion.
 * *$STORAGE_ACCOUNT_NAME* &rarr; The name of the storage account, which the sample code combines with *blob.core.windows.net* to create the storage URL endpoint.
-* *$STORAGE_CONTAINER_NAME* &rarr; The name of the container in the storage account, where photos are stored. For example, *photos*.
+* *$STORAGE_CONTAINER_NAME* &rarr; The name of the container in the storage account, where photos are stored. For example, *photos*.
+* *SECRET_KEY* &rarr; Enter a secret key for the app. This is used for example to encrypt the session cookie. You can generate a value with `python -c "import secrets; print(secrets.token_hex())"`.
diff --git a/articles/python/includes/python-web-app-managed-identity/connect-postgres-to-app-visual-studio-code-2.md b/articles/python/includes/python-web-app-managed-identity/connect-postgres-to-app-visual-studio-code-2.md
@@ -11,4 +11,5 @@ Add the following settings:
 * *DBNAME* &rarr; Enter *restaurant*, the name of the application database.
 * *DBUSER* &rarr; Enter *webappuser*, the user you created for the managed identity in the previous article. The sample code constructs the correct Postgres username from `DBUSER` and `DBHOST`, so don't include the *@server* portion.
 * *STORAGE_ACCOUNT_NAME* &rarr; The name of the storage account, which the sample code combines with *blob.core.windows.net* to create the storage URL endpoint.
-* *STORAGE_CONTAINER_NAME* &rarr; The name of the container in the storage account, where photos are stored. For example, *photos*.
+* *STORAGE_CONTAINER_NAME* &rarr; The name of the container in the storage account, where photos are stored. For example, *photos*.
+* *SECRET_KEY* &rarr; Enter a secret key for the app. This is used for example to encrypt the session cookie. You can generate a value with `python -c "import secrets; print(secrets.token_hex())"`.
diff --git a/articles/python/tutorial-python-managed-identity-02.md b/articles/python/tutorial-python-managed-identity-02.md
@@ -125,21 +125,24 @@ Connecting Azure Storage Explorer to Azurite is covered in the article [Use the
 
 If you started with one of the sample apps, copy the *.env.sample* file to *.env*. If you didn't start with one of the sample apps, create an *.env* file and make sure you have the dependencies in the *requirements.txt*. Add other packages as needed such as [django-sslserver](https://pypi.org/project/django-sslserver/) or [python-certifi-win32](https://pypi.org/project/python-certifi-win32/).
 
-The *.env* is only used in local development and should look like the example below. The *.env* file contains info about connecting to your local PostgreSQL and Azurite instances:
+The *.env* file is only used in local development and should look like the example below. The *.env* file contains info about connecting to your local PostgreSQL and Azurite instances:
 
 ```
 # Local PostgreSQL connection info
 DBNAME=<local-database name>
 DBHOST=<local-database-hostname>
 DBUSER=<local-db-user-name>
 DBPASS=<local-db-password>
+SECRET_KEY=<your-secret-key>
 
 # Emulator storage connection info
 STORAGE_URL=https://127.0.0.1:10000/devstoreaccount1
 STORAGE_CONTAINER_NAME=photos
 ```
 
-The sample app uses the [python-dotenv](https://pypi.org/project/python-dotenv/) to read environment variables from the *.env* file. 
+A `SECRET_KEY` key you can use for this tutorial can be generated with the following Python code: `python -c "import secrets; print(secrets.token_hex())"`.
+
+The sample app uses the [python-dotenv](https://pypi.org/project/python-dotenv/) to read environment variables from the *.env* file.
 
 Next, create the `restaurant` and `review` database tables:
 
diff --git a/articles/python/tutorial-python-managed-identity-06.md b/articles/python/tutorial-python-managed-identity-06.md
@@ -17,7 +17,7 @@ This article is part of a tutorial about deploying a Python app to Azure App Ser
 
 With the web app, storage account, and PostgreSQL database resources created, the next step is to tell the web app how to connect to the Azure Storage account and Azure Database for PostgreSQL service.
 
-The Python sample code expects environment variables named `DBHOST`, `DBNAME`, `DBUSER`, `STORAGE_ACCOUNT_NAME`, and `STORAGE_CONTAINER_NAME` to connect to the storage and database resources. You don't specify an access key for storage or a password for the database because authentication is handled by managed identity.
+The Python sample code expects environment variables named `DBHOST`, `DBNAME`, `DBUSER`, `STORAGE_ACCOUNT_NAME`, `STORAGE_CONTAINER_NAME`, and `SECRET_KEY` to connect to the storage and database resources. You don't specify an access key for storage or a password for the database because authentication is handled by managed identity.
 
 ### [Azure portal](#tab/azure-portal)
 
