Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Oops I Committed My Secret Key
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Philip James
July 20, 2016
Technology
0
430
Oops I Committed My Secret Key
Lightning talk given at DjangoCon US 2016
Philip James
July 20, 2016
Tweet
Share
More Decks by Philip James
See All by Philip James
Frog and Toad Learn about Django Security - NBT6
phildini
0
27
The Elephant and the Serpent (PyLatam 2019)
phildini
0
69
Account Security for the Fashionable App Developer
phildini
1
71
All in the Timing: Side-Channel Attacks
phildini
0
67
Giving Thanks
phildini
0
46
All in the Timing: Side-Channel Attacks in Python
phildini
0
420
API-Driven Django
phildini
1
420
Type uWSGI; Press Enter; What Happens?
phildini
0
110
Type uWSGI; Press Enter; What Happens?
phildini
1
83
Other Decks in Technology
See All in Technology
レガシー共有バッチ基盤への挑戦 - SREドリブンなリアーキテクチャリングの取り組み
tatsukoni
0
220
生成AIを活用した音声文字起こしシステムの2つの構築パターンについて
miu_crescent
PRO
2
200
What happened to RubyGems and what can we learn?
mikemcquaid
0
300
Digitization部 紹介資料
sansan33
PRO
1
6.8k
Amazon S3 Vectorsを使って資格勉強用AIエージェントを構築してみた
usanchuu
3
450
Webhook best practices for rock solid and resilient deployments
glaforge
1
290
All About Sansan – for New Global Engineers
sansan33
PRO
1
1.3k
Context Engineeringが企業で不可欠になる理由
hirosatogamo
PRO
3
590
量子クラウドサービスの裏側 〜Deep Dive into OQTOPUS〜
oqtopus
0
120
顧客との商談議事録をみんなで読んで顧客解像度を上げよう
shibayu36
0
240
Claude_CodeでSEOを最適化する_AI_Ops_Community_Vol.2__マーケティングx_AIはここまで進化した.pdf
riku_423
2
570
AIエージェントを開発しよう!-AgentCore活用の勘所-
yukiogawa
0
170
Featured
See All Featured
sira's awesome portfolio website redesign presentation
elsirapls
0
150
Build The Right Thing And Hit Your Dates
maggiecrowley
38
3k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
34
2.6k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
49
9.9k
Learning to Love Humans: Emotional Interface Design
aarron
275
41k
Building a Scalable Design System with Sketch
lauravandoore
463
34k
Building the Perfect Custom Keyboard
takai
2
680
How to Ace a Technical Interview
jacobian
281
24k
Typedesign – Prime Four
hannesfritz
42
2.9k
Imperfection Machines: The Place of Print at Facebook
scottboms
269
14k
Kristin Tynski - Automating Marketing Tasks With AI
techseoconnect
PRO
0
140
Sam Torres - BigQuery for SEOs
techseoconnect
PRO
0
190
Transcript
Oops I Commi*ed My Secret Key Philip James @phildini h*ps:/
/www.wordfugue.com
$ django-admin.py startproject bestthingever $ git init $ git add
. $ git commit -m "Initial commit” $ git push origin master
None
Wait, have I?
YES. Signed Cookies Secure Sessions Password Reset Tokens
What do I do?
import os import warnings from django.core.exceptions import ImproperlyConfigured def get_env_variable(var_name):
""" Get the environment variable or return exception """ try: return os.environ[var_name] except KeyError: error_msg = "Set the %s env variable" % var_name if DEBUG: warnings.warn(error_msg) else: raise ImproperlyConfigured(error_msg)
SECRET_KEY = get_env_variable("SECRET_KEY")
How do I get a new key?
h*p:/ /www.miniwebtool.com/django-secret-key-generator/ $ python manage.py shell >>> from django.utils.crypto import
get_random_string >>> get_random_string(length=50)
What about my users?
OpOonal: No permanent key
Thanks. @phildini h*p:/ /bit.ly/secret-key Come back at 1:15PM for “Cat
on yer head”!
phildini
tatsukoni
miu_crescent
mikemcquaid
sansan33
usanchuu
glaforge
hirosatogamo
oqtopus
shibayu36
riku_423
yukiogawa
elsirapls
maggiecrowley
jcasabona
mongodb
aarron
lauravandoore
takai
jacobian
hannesfritz
scottboms
techseoconnect
