Dynamic secret admin URL for Django. Time-based, deterministic, no storage. Hide your Django admin behind a URL that changes daily/monthly/hourly. Only you know the secret phrase to generate the current path.
Project description
Django Smart Dynamic Path v1.0.2
Dynamic secret admin URL for Django. Time-based, deterministic, no storage.
Hide your Django admin behind a URL that changes daily/monthly. Only you know the secret phrase to generate the current path.
What it does
Standard Django admin: /admin/ (always the same)
This package: /admin/a1b2c3d4e5f6g7h8/ (changes automatically)
Disclaimer
By using this software, you agree to the full disclaimer terms.
Summary: Software provided "AS IS" without warranty. You assume all risks.
Full legal disclaimer: See DISCLAIMER.md
Installation
pip install django-smart-dynamic-path
Quick start
1. Add to INSTALLED_APPS
INSTALLED_APPS = [
    'django_smart_dynamic_path',
    'django.contrib.admin',
    # ...
]
2. Replace admin URLs in urls.py
from django.urls import path, include

urlpatterns = [
    path('admin/', include('django_smart_dynamic_path.urls')),
]
3. Generate SECRET_KEY from secret phrase (local)
smart-dynamic-path --secret "your secret phrase" --key-only
Copy the output and set as SECRET_KEY in your .env or settings.py.
4. Configure period (optional, in settings.py)
SECRET_ADMIN_PERIOD = 'day' # day, month, static
5. Get current admin path (server)
python manage.py get_admin_path --full
⚠️ Important Django limitation
Due to Django's URL compilation mechanism, the admin path is calculated once when the server starts. To apply a new path when the period changes (e.g., next day), you need to restart the server.
Automatic restart with cron
# Add to crontab (restart at midnight)
0 0 * * * systemctl restart gunicorn
This is not a bug, but a Django architectural feature.
Django management commands
| Command | Output |
|---|---|
| python manage.py generate_secret_key --secret "phrase" | SECRET_KEY and period |
| python manage.py get_admin_path | a1b2c3d4e5f6g7h8 |
| python manage.py get_admin_path --full | /a1b2c3d4e5f6g7h8/ |
Template tag
{% load admin_link %}
<a href="{% secret_admin_link %}">Secret Admin</a>
Python API
from django_smart_dynamic_path import get_admin_path, get_admin_url
path = get_admin_path() # 'a1b2c3d4e5f6g7h8'
url = get_admin_url() # 'admin/a1b2c3d4e5f6g7h8/'
How it works
SECRET_KEY = SHA256(secret_phrase) # 64 hex chars (256 bits)
ADMIN_PATH = SHA256(SECRET_KEY + date)[:16].hex() # 32 hex chars (128 bits)
- Secret phrase → SECRET_KEY (256 bits)
- SECRET_KEY + current date → admin path (128 bits)
- Path changes automatically based on period (day/month/hour/static)
- Same secret phrase always produces same SECRET_KEY
- Same SECRET_KEY + same date always produces same path
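The derivation above carried through as runnable Python, together with the rollover check that the restart requirement implies. This is an added example, not the package's own code: the date-stamp formats, the plain string concatenation and the function names are assumptions, so its output will not necessarily match the real CLI.

```python
import hashlib
import hmac
from datetime import date

# Assumed date-stamp format per period; the page does not specify these.
PERIOD_FORMATS = {"day": "%Y-%m-%d", "month": "%Y-%m", "static": ""}


def derive_secret_key(secret_phrase: str) -> str:
    """SECRET_KEY = SHA256(secret_phrase), returned as 64 hex characters."""
    return hashlib.sha256(secret_phrase.encode("utf-8")).hexdigest()


def derive_admin_path(secret_key: str, when: date, period: str = "day") -> str:
    """First 16 bytes of SHA256(SECRET_KEY + date stamp), as 32 hex characters."""
    if period not in PERIOD_FORMATS:
        raise ValueError(f"unsupported period: {period!r}")
    stamp = when.strftime(PERIOD_FORMATS[period])  # "" for 'static'
    digest = hashlib.sha256((secret_key + stamp).encode("utf-8")).digest()
    return digest[:16].hex()


def is_stale(path_at_startup: str, secret_key: str, now: date, period: str) -> bool:
    """True when the path compiled into the URLconf at startup no longer
    matches the path for the current period, i.e. a restart is due."""
    current = derive_admin_path(secret_key, now, period)
    return not hmac.compare_digest(path_at_startup, current)


if __name__ == "__main__":
    key = derive_secret_key("correct horse battery staple")  # constructed phrase
    boot_day = date(2025, 1, 31)   # constructed dates
    next_day = date(2025, 2, 1)
    for period in PERIOD_FORMATS:
        served = derive_admin_path(key, boot_day, period)
        print(f"{period:>6}: /admin/{served}/  "
              f"stale next day: {is_stale(served, key, next_day, period)}")
```

Because both values are pure functions of the phrase, the path is only as unpredictable as the phrase itself, and anyone who obtains SECRET_KEY can compute every past and future path.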
Getting the path locally
git clone https://github.com/smartlegionlab/smart-dynamic-path
cd smart-dynamic-path
python3 -m smart_dynamic_path.cli --secret "my secret phrase"
python3 -m smart_dynamic_path.cli --secret "my secret phrase" --period month --prefix admin --full
python3 -m smart_dynamic_path.cli --secret "my secret phrase" --key-only
Implemented paradigms
1. Pointer‑Based Security
The admin URL is not stored anywhere. It is regenerated on demand from a secret phrase and current time. There is no stored "pointer" — only the ability to compute it.
2. Local Data Regeneration
The exact admin path is computed locally on the developer's machine using only the secret phrase and date, without accessing the server. The server never knows the secret phrase.
3. Position‑Candidate‑Hypothesis (PCH)
Among all possible URL paths (2¹²⁸ candidates), only one specific path generated by the secret phrase is valid at any given time. The hypothesis (which path is valid) is verified through the hash function.
Security
- No additional secrets — uses only Django's existing SECRET_KEY
- Secret phrase exists only in memory, never stored
- 32 hex chars = 2¹²⁸ possible paths (brute-forcing the path is infeasible)
- Time‑based rotation limits exposure window
License
BSD-3-Clause
Author
Alexander Suvorov @smartlegionlab
File details
Details for the file django_smart_dynamic_path-1.0.2.tar.gz.
File metadata
- Download URL: django_smart_dynamic_path-1.0.2.tar.gz
- Upload date:
- Size: 8.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.5
File details
Details for the file django_smart_dynamic_path-1.0.2-py3-none-any.whl.
File metadata
- Download URL: django_smart_dynamic_path-1.0.2-py3-none-any.whl
- Upload date:
- Size: 8.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.5