Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Oops I Committed My Secret Key
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Philip James
July 20, 2016
Technology
430
0
Share
Oops I Committed My Secret Key
Lightning talk given at DjangoCon US 2016
Philip James
July 20, 2016
More Decks by Philip James
See All by Philip James
Frog and Toad Learn about Django Security - NBT6
phildini
0
32
The Elephant and the Serpent (PyLatam 2019)
phildini
0
74
Account Security for the Fashionable App Developer
phildini
1
74
All in the Timing: Side-Channel Attacks
phildini
0
74
Giving Thanks
phildini
0
49
All in the Timing: Side-Channel Attacks in Python
phildini
0
430
API-Driven Django
phildini
1
440
Type uWSGI; Press Enter; What Happens?
phildini
0
120
Type uWSGI; Press Enter; What Happens?
phildini
1
91
Other Decks in Technology
See All in Technology
【Gen-AX】20260530開催_JJUG CCC 2026 Spring
genax
0
350
Oracle AI Database@AWS:サービス概要のご紹介
oracle4engineer
PRO
4
2.8k
Datadog 認定試験の概要と対策
uechishingo
0
220
Javaコミュニティをもっと楽しむための9箇条
takasyou
0
1.1k
oracle-to-databricks-migration-with-llm-and-dbt
casek
1
410
はじめてのDatadog
kairim0
0
260
Terraformモジュールは、なぜ「魔境」化するのか
hayama17
1
160
「速く作る」から「正しく作る」へ ─ 生成AI時代の開発フロー改革の ロードマップと実行 ─
starfish719
0
3.8k
Databricks 月刊サービスアップデート 2026年05月号
tyosi1212
0
200
Databricks における 生成AIガバナンスの実践
taka_aki
1
240
20260528_生成AIを専属DSに_Howの次にすべきことを考える
doradora09
PRO
0
280
JJUG CCC 2026 Spring AI時代の開発こそ標準化を武器に! ― 方式・プロセス・プラットフォームの標準化
s27watanabe
2
670
Featured
See All Featured
Build your cross-platform service in a week with App Engine
jlugia
234
18k
Winning Ecommerce Organic Search in an AI Era - #searchnstuff2025
aleyda
1
2k
svc-hook: hooking system calls on ARM64 by binary rewriting
retrage
2
280
Leo the Paperboy
mayatellez
7
1.8k
Visual Storytelling: How to be a Superhuman Communicator
reverentgeek
2
550
Code Reviewing Like a Champion
maltzj
528
40k
DevOps and Value Stream Thinking: Enabling flow, efficiency and business value
helenjbeal
1
210
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
10
1.2k
Site-Speed That Sticks
csswizardry
13
1.2k
Speed Design
sergeychernyshev
33
1.8k
Tell your own story through comics
letsgokoyo
1
940
Organizational Design Perspectives: An Ontology of Organizational Design Elements
kimpetersen
PRO
1
720
Transcript
Oops I Commi*ed My Secret Key Philip James @phildini h*ps:/
/www.wordfugue.com
$ django-admin.py startproject bestthingever $ git init $ git add
. $ git commit -m "Initial commit” $ git push origin master
None
Wait, have I?
YES. Signed Cookies Secure Sessions Password Reset Tokens
What do I do?
import os import warnings from django.core.exceptions import ImproperlyConfigured def get_env_variable(var_name):
""" Get the environment variable or return exception """ try: return os.environ[var_name] except KeyError: error_msg = "Set the %s env variable" % var_name if DEBUG: warnings.warn(error_msg) else: raise ImproperlyConfigured(error_msg)
SECRET_KEY = get_env_variable("SECRET_KEY")
How do I get a new key?
h*p:/ /www.miniwebtool.com/django-secret-key-generator/ $ python manage.py shell >>> from django.utils.crypto import
get_random_string >>> get_random_string(length=50)
What about my users?
OpOonal: No permanent key
Thanks. @phildini h*p:/ /bit.ly/secret-key Come back at 1:15PM for “Cat
on yer head”!
SiteGround - Reliable hosting with speed, security, and support you can count on.
phildini
.png){kind=avatar}
genax
oracle4engineer
uechishingo
takasyou
casek
kairim0
hayama17
starfish719
tyosi1212
taka_aki
doradora09
s27watanabe
jlugia
aleyda
retrage
mayatellez
reverentgeek
maltzj
.png){kind=avatar}
helenjbeal
addyosmani
csswizardry
sergeychernyshev
letsgokoyo
kimpetersen
