Oops I Committed My Secret Key

July 20, 2016

420

Oops I Committed My Secret Key

Lightning talk given at DjangoCon US 2016

Philip James

July 20, 2016

Tweet

More Decks by Philip James

See All by Philip James

Frog and Toad Learn about Django Security - NBT6

0

27

The Elephant and the Serpent (PyLatam 2019)

0

68

Account Security for the Fashionable App Developer

1

70

All in the Timing: Side-Channel Attacks

0

67

0

46

All in the Timing: Side-Channel Attacks in Python

0

420

API-Driven Django

1

410

Type uWSGI; Press Enter; What Happens?

0

100

Type uWSGI; Press Enter; What Happens?

1

81

Other Decks in Technology

See All in Technology

フィッシュボウルのやり方 / How to do a fishbowl

2

350

Oracle Database@Azure：サービス概要のご紹介

oracle4engineer

PRO

2

180

モダンデータスタックの理想と現実の間で～1.3億人Vポイントデータ基盤の現在地とこれから～

taromatsui_cccmkhd

1

240

20251203_AIxIoTビジネス共創ラボ_第4回勉強会_BP山崎.pdf

0

120

LayerX QA Night#1

0

210

Oracle Database@Google Cloud：サービス概要のご紹介

oracle4engineer

PRO

1

740

子育てで想像してなかった「見えないダメージ」 / Unforeseen "hidden burdens" of raising children.

2

320

AWS re:Invent 2025 re:Cap LT大会データベース好きが語る re:Invent 2025 データベースアップデート/セッションの紹介

0

150

障害対応訓練、その前に

coconala_engineer

0

170

【U/Day Tokyo 2025】Cygames流最新スマートフォンゲームの技術設計〜『Shadowverse: Worlds Beyond』におけるアーキテクチャ再設計の挑戦～

PRO

2

1.3k

_第4回__AIxIoTビジネス共創ラボ紹介資料_20251203.pdf

0

120

Entity Framework Core におけるIN句クエリ最適化について

0

110

Featured

See All Featured

A Tale of Four Properties

162

23k

The Language of Interfaces

162

25k

The agentic SEO stack - context over prompts

0

550

What the history of the web can teach us about the future of AI

PRO

0

370

Product Roadmaps are Hard

PRO

55

12k

Evolving SEO for Evolving Search Engines

0

73

Embracing the Ebb and Flow

88

4.9k

Performance Is Good for Brains [We Love Speed 2024]

12

1.4k

The innovator’s Mindset -  Leading Through an Era of Exponential Change - McGill University 2025

PRO

1

67

Everyday Curiosity

0

110

Technical Leadership for Architectural Decision Making

0

180

Why Mistakes Are the Best Teachers: Turning Failure into a Pathway for Growth

0

26

Transcript

Oops I Commi*ed My Secret Key Philip James @phildini h*ps:/
/www.wordfugue.com
$ django-admin.py startproject bestthingever $ git init $ git add
. $ git commit -m "Initial commit” $ git push origin master
None
Wait, have I?
YES. Signed Cookies Secure Sessions Password Reset Tokens
What do I do?
import os import warnings from django.core.exceptions import ImproperlyConﬁgured def get_env_variable(var_name):
""" Get the environment variable or return exception """ try: return os.environ[var_name] except KeyError: error_msg = "Set the %s env variable" % var_name if DEBUG: warnings.warn(error_msg) else: raise ImproperlyConﬁgured(error_msg)
SECRET_KEY = get_env_variable("SECRET_KEY")
How do I get a new key?
h*p:/ /www.miniwebtool.com/django-secret-key-generator/ $ python manage.py shell >>> from django.utils.crypto import
get_random_string >>> get_random_string(length=50)
What about my users?
OpOonal: No permanent key
Thanks. @phildini h*p:/ /bit.ly/secret-key Come back at 1:15PM for “Cat
on yer head”!