Oops I Committed My Secret Key
Lightning talk given at DjangoCon US 2016
Philip James
July 20, 2016
Transcript
Oops I Committed My Secret Key
Philip James
@phildini
https://www.wordfugue.com
    $ django-admin.py startproject bestthingever
    $ git init
    $ git add .
    $ git commit -m "Initial commit"
    $ git push origin master
Wait, have I?
YES.
Signed Cookies
Secure Sessions
Password Reset Tokens
What do I do?
    import os
    import warnings

    from django.core.exceptions import ImproperlyConfigured

    # Lives in settings.py, below the line that defines DEBUG.


    def get_env_variable(var_name):
        """ Get the environment variable or return exception """
        try:
            return os.environ[var_name]
        except KeyError:
            error_msg = "Set the %s env variable" % var_name
            if DEBUG:
                # Development: warn only; the function then returns None.
                warnings.warn(error_msg)
            else:
                # Production: refuse to start without the variable.
                raise ImproperlyConfigured(error_msg)


    SECRET_KEY = get_env_variable("SECRET_KEY")
How do I get a new key?
http://www.miniwebtool.com/django-secret-key-generator/
    $ python manage.py shell
    >>> from django.utils.crypto import get_random_string
    >>> get_random_string(length=50)
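A check for the "Wait, have I?" question and a key generator that needs no Django install, as an added example that is not from the talk. The function names, the sample settings strings and the choice of the `ast` and `secrets` modules are assumptions made for illustration.

```python
import ast
import secrets

# Assumption: the 50-character alphabet Django's startproject draws from.
KEY_CHARS = "abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)"

# Constructed sample settings files (not real keys, not from the talk).
COMMITTED = 'DEBUG = True\nSECRET_KEY = "constructed-example-not-a-real-key"\n'
FROM_ENV = 'import os\nSECRET_KEY = os.environ["SECRET_KEY"]\n'
FALLBACK = 'import os\nSECRET_KEY = os.environ.get("SECRET_KEY", "dev-only")\n'


def _is_str_literal(node):
    return isinstance(node, ast.Constant) and isinstance(node.value, str)


def find_hardcoded_secret_keys(source, filename="settings.py"):
    """Return (line, reason) for each SECRET_KEY that embeds a literal."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if not isinstance(node, ast.Assign):
            continue
        names = [t.id for t in node.targets if isinstance(t, ast.Name)]
        if "SECRET_KEY" not in names:
            continue
        value = node.value
        if _is_str_literal(value):
            findings.append((node.lineno, "string literal"))
        elif (isinstance(value, ast.Call) and len(value.args) == 2
              and _is_str_literal(value.args[1])):
            # e.g. os.environ.get("SECRET_KEY", "dev-only"): the fallback
            # is still a usable key stored in the repository.
            findings.append((node.lineno, "literal fallback default"))
    return findings


def new_secret_key(length=50):
    """Build a replacement key from the operating system's CSPRNG."""
    return "".join(secrets.choice(KEY_CHARS) for _ in range(length))


if __name__ == "__main__":
    for label, src in [("committed", COMMITTED), ("from env", FROM_ENV),
                       ("fallback", FALLBACK)]:
        print(label, find_hardcoded_secret_keys(src))
    print("replacement key:", new_secret_key())
```

A later commit that deletes the literal leaves it readable in earlier revisions, so the check is worth running on each historical version of the settings file as well as the current one.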
What about my users?
Optional: No permanent key
Thanks.
@phildini
http://bit.ly/secret-key
Come back at 1:15PM for “Cat on yer head”!