Oops I Committed My Secret Key

July 20, 2016

420

Oops I Committed My Secret Key

Lightning talk given at DjangoCon US 2016

Philip James

July 20, 2016

Tweet

More Decks by Philip James

See All by Philip James

Frog and Toad Learn about Django Security - NBT6

0

27

The Elephant and the Serpent (PyLatam 2019)

0

68

Account Security for the Fashionable App Developer

1

70

All in the Timing: Side-Channel Attacks

0

67

0

46

All in the Timing: Side-Channel Attacks in Python

0

420

API-Driven Django

1

410

Type uWSGI; Press Enter; What Happens?

0

100

Type uWSGI; Press Enter; What Happens?

1

81

Other Decks in Technology

See All in Technology

JEDAI認定プログラム JEDAI Order 2026 エントリーのご案内 / JEDAI Order 2026 Entry

databricksjapan

0

130

GitHub Copilotを使いこなす実例に学ぶAIコーディング活用術

3

3.4k

ExpoのインダストリーブースでみたAWSが見せる製造業の未来

0

140

Reinforcement Fine-tuning 基礎〜実践まで

0

190

AI時代の新規LLMプロダクト開発: Findy Insightsを3ヶ月で立ち上げた舞台裏と振り返り

0

180

プロンプトやエージェントを自動的に作る方法

12

10k

re:Invent2025 コンテナ系アップデート振り返り(+CloudWatchログのアップデート紹介)

0

390

生成AIを利用するだけでなく、投資できる組織へ / Becoming an Organization That Invests in GenAI

0

100

非CUDAの悲哀〜Claude Code と挑んだ image to 3D “Hunyuan3D”を EVO-X2(Ryzen AI Max+395)で動作させるチャレンジ〜

2

200

AIの長期記憶と短期記憶の違いについてAgentCoreを例に深掘ってみた

4

400

Challenging Hardware Contests with Zephyr and Lessons Learned

0

230

Jakarta Agentic AI Specification - Status and Future

0

110

Featured

See All Featured

30

1.3k

Unsuck your backbone

671

58k

Testing 201, or: Great Expectations

46

7.8k

個人開発の失敗を避けるイケてる考え方 / tips for indie hackers

122

21k

Code Review Best Practice

74

19k

The Psychology of Web Performance [Beyond Tellerrand 2023]

49

3.2k

PRO

33

15k

Git: the NoSQL Database

PRO

432

66k

Balancing Empowerment & Direction

5

800

Distributed Sagas: A Protocol for Coordinating Microservices

333

22k

The MySQL Ecosystem @ GitHub 2015

251

13k

The Web Performance Landscape in 2024 [PerfNow 2024]

12

970

Transcript

Oops I Commi*ed My Secret Key Philip James @phildini h*ps:/
/www.wordfugue.com
$ django-admin.py startproject bestthingever $ git init $ git add
. $ git commit -m "Initial commit” $ git push origin master
None
Wait, have I?
YES. Signed Cookies Secure Sessions Password Reset Tokens
What do I do?
import os import warnings from django.core.exceptions import ImproperlyConﬁgured def get_env_variable(var_name):
""" Get the environment variable or return exception """ try: return os.environ[var_name] except KeyError: error_msg = "Set the %s env variable" % var_name if DEBUG: warnings.warn(error_msg) else: raise ImproperlyConﬁgured(error_msg)
SECRET_KEY = get_env_variable("SECRET_KEY")
How do I get a new key?
h*p:/ /www.miniwebtool.com/django-secret-key-generator/ $ python manage.py shell >>> from django.utils.crypto import
get_random_string >>> get_random_string(length=50)
What about my users?
OpOonal: No permanent key
Thanks. @phildini h*p:/ /bit.ly/secret-key Come back at 1:15PM for “Cat
on yer head”!