Oops I Committed My Secret Key

July 20, 2016

420

Oops I Committed My Secret Key

Lightning talk given at DjangoCon US 2016

Philip James

July 20, 2016

Tweet

More Decks by Philip James

See All by Philip James

Frog and Toad Learn about Django Security - NBT6

0

26

The Elephant and the Serpent (PyLatam 2019)

0

67

Account Security for the Fashionable App Developer

1

66

All in the Timing: Side-Channel Attacks

0

61

0

45

All in the Timing: Side-Channel Attacks in Python

0

420

API-Driven Django

1

390

Type uWSGI; Press Enter; What Happens?

0

97

Type uWSGI; Press Enter; What Happens?

1

75

Other Decks in Technology

See All in Technology

スプリントレビューを効果的にするために

9

1.7k

公開初日に個人環境で試した Gemini CLI 体験記など / Gemini CLI実験レポート

PRO

3

600

Bliki (ja), and the Cathedral, and the Bazaar

8

1.5k

Shadow DOM & Security - Exploring the boundary between light and shadow

0

750

FAST導入1年間のふりかえり〜現実を直視し、さらなる進化を求めて〜 / Review of the first year of FAST implementation

1

180

20250719_JAWS_kobe

1

170

AI工学特論: MLOps・継続的評価

10

2k

Railsの限界を超えろ！「家族アルバムみてね」の画像・動画の大規模アップロードを支えるアーキテクチャの変遷

4

520

激動の時代、新卒エンジニアはAIツールにどう向き合うか。　[LayerX Bet AI Day Countdown LT Day1 ツールの選択]

0

600

【CEDEC2025】現場を理解して実現！ゲーム開発を効率化するWebサービスの開発と、利用促進のための継続的な改善

PRO

0

350

From Live Coding to Vibe Coding with Firebase Studio

firebasethailand

1

300

Snowflake のアーキテクチャは本当に筋がよかったのか / Data Engineering Study #30

0

280

Featured

See All Featured

"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)

229

22k

PRO

29

5.4k

Why Our Code Smells

PRO

337

57k

Making Projects Easy

117

6.3k

Build your cross-platform service in a week with App Engine

231

18k

What's in a price? How to price your products and services

246

12k

Six Lessons from altMBA

28

3.9k

Building a Modern Day  E-commerce SEO Strategy

42

7.4k

Producing Creativity

PRO

346

40k

4 Signs Your Business is Dying

184

22k

[RailsConf 2023 Opening Keynote] The Magic of Rails

29

9.6k

461

140k

Transcript

Oops I Commi*ed My Secret Key Philip James @phildini h*ps:/
/www.wordfugue.com
$ django-admin.py startproject bestthingever $ git init $ git add
. $ git commit -m "Initial commit” $ git push origin master
None
Wait, have I?
YES. Signed Cookies Secure Sessions Password Reset Tokens
What do I do?
import os import warnings from django.core.exceptions import ImproperlyConﬁgured def get_env_variable(var_name):
""" Get the environment variable or return exception """ try: return os.environ[var_name] except KeyError: error_msg = "Set the %s env variable" % var_name if DEBUG: warnings.warn(error_msg) else: raise ImproperlyConﬁgured(error_msg)
SECRET_KEY = get_env_variable("SECRET_KEY")
How do I get a new key?
h*p:/ /www.miniwebtool.com/django-secret-key-generator/ $ python manage.py shell >>> from django.utils.crypto import
get_random_string >>> get_random_string(length=50)
What about my users?
OpOonal: No permanent key
Thanks. @phildini h*p:/ /bit.ly/secret-key Come back at 1:15PM for “Cat
on yer head”!