Oops I Committed My Secret Key

July 20, 2016

410

Oops I Committed My Secret Key

Lightning talk given at DjangoCon US 2016

Philip James

July 20, 2016

Tweet

More Decks by Philip James

See All by Philip James

Frog and Toad Learn about Django Security - NBT6

0

26

The Elephant and the Serpent (PyLatam 2019)

0

67

Account Security for the Fashionable App Developer

1

66

All in the Timing: Side-Channel Attacks

0

60

0

45

All in the Timing: Side-Channel Attacks in Python

0

420

API-Driven Django

1

390

Type uWSGI; Press Enter; What Happens?

0

95

Type uWSGI; Press Enter; What Happens?

1

75

Other Decks in Technology

See All in Technology

マネジメントって難しい、けどおもしろい / Management is tough, but fun! #em_findy

7

910

5min GuardDuty Extended Threat Detection EKS

0

190

Beyond Kaniko: Navigating Unprivileged Container Image Creation

0

130

Lufthansa ®️ USA Contact Numbers: Complete 2025 Support Guide

lufthanahelpsupport

0

130

20250707-AI活用の個人差を埋めるチームづくり

4

3.6k

赤煉瓦倉庫勉強会｢Databricksを選んだ理由と、絶賛真っ只中のデータ基盤移行体験記｣

ivry_presentationmaterials

2

330

生成AIで小説を書くためにプロンプトの制約や原則について学ぶ / prompt-engineering-for-ai-fiction

6

4.1k

AWS認定を取る中で感じたこと

1

170

Delta airlines Customer®️ USA Contact Numbers: Complete 2025 Support Guide

0

340

モバイル界のMCPを考える

0

420

Connect 100+を支える技術

0

190

ビギナーであり続ける/beginning

3

720

Featured

See All Featured

Being A Developer After 40

90

590k

Building an army of robots

306

45k

GraphQLとの向き合い方2022年版

49

14k

Principles of Awesome APIs and How to Build Them.

126

17k

Automating Front-end Workflow

1370

200k

Documentation Writing (for coders)

72

4.9k

Java REST API Framework Comparison - PWX 2021

31

8.7k

Cheating the UX When There Is Nothing More to Optimize - PixelPioneers

stephaniewalter

281

13k

GraphQLの誤解/rethinking-graphql

71

11k

Bash Introduction

614

210k

Building a Scalable Design System with Sketch

462

33k

The Illustrated Children's Guide to Kubernetes

48

50k

Transcript

Oops I Commi*ed My Secret Key Philip James @phildini h*ps:/
/www.wordfugue.com
$ django-admin.py startproject bestthingever $ git init $ git add
. $ git commit -m "Initial commit” $ git push origin master
None
Wait, have I?
YES. Signed Cookies Secure Sessions Password Reset Tokens
What do I do?
import os import warnings from django.core.exceptions import ImproperlyConﬁgured def get_env_variable(var_name):
""" Get the environment variable or return exception """ try: return os.environ[var_name] except KeyError: error_msg = "Set the %s env variable" % var_name if DEBUG: warnings.warn(error_msg) else: raise ImproperlyConﬁgured(error_msg)
SECRET_KEY = get_env_variable("SECRET_KEY")
How do I get a new key?
h*p:/ /www.miniwebtool.com/django-secret-key-generator/ $ python manage.py shell >>> from django.utils.crypto import
get_random_string >>> get_random_string(length=50)
What about my users?
OpOonal: No permanent key
Thanks. @phildini h*p:/ /bit.ly/secret-key Come back at 1:15PM for “Cat
on yer head”!