Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Oops I Committed My Secret Key
Search
Philip James
July 20, 2016
Technology
0
420
Oops I Committed My Secret Key
Lightning talk given at DjangoCon US 2016
Philip James
July 20, 2016
Tweet
Share
More Decks by Philip James
See All by Philip James
Frog and Toad Learn about Django Security - NBT6
phildini
0
26
The Elephant and the Serpent (PyLatam 2019)
phildini
0
67
Account Security for the Fashionable App Developer
phildini
1
66
All in the Timing: Side-Channel Attacks
phildini
0
64
Giving Thanks
phildini
0
45
All in the Timing: Side-Channel Attacks in Python
phildini
0
420
API-Driven Django
phildini
1
400
Type uWSGI; Press Enter; What Happens?
phildini
0
97
Type uWSGI; Press Enter; What Happens?
phildini
1
79
Other Decks in Technology
See All in Technology
企業の生成AIガバナンスにおけるエージェントとセキュリティ
lycorptech_jp
PRO
2
130
Webアプリケーションにオブザーバビリティを実装するRust入門ガイド
nwiizo
3
580
Grafana MCPサーバーによるAIエージェント経由でのGrafanaダッシュボード動的生成
hamadakoji
1
1.5k
20250903_1つのAWSアカウントに複数システムがある環境におけるアクセス制御をABACで実現.pdf
yhana
3
500
未経験者・初心者に贈る!40分でわかるAndroidアプリ開発の今と大事なポイント
operando
2
200
AIのグローバルトレンド2025 #scrummikawa / global ai trend
kyonmm
PRO
1
250
生成AI時代のデータ基盤設計〜ペースレイヤリングで実現する高速開発と持続性〜 / Levtech Meetup_Session_2
sansan_randd
1
150
実践!カスタムインストラクション&スラッシュコマンド
puku0x
0
290
Grafana Meetup Japan Vol. 6
kaedemalu
1
360
COVESA VSSによる車両データモデルの標準化とAWS IoT FleetWiseの活用
osawa
1
230
Vault を基盤として整備し、 みんなに使ってもらえるようになるまで
takahiko
1
120
開発者を支える Internal Developer Portal のイマとコレカラ / To-day and To-morrow of Internal Developer Portals: Supporting Developers
aoto
PRO
1
410
Featured
See All Featured
Build The Right Thing And Hit Your Dates
maggiecrowley
37
2.8k
How to train your dragon (web standard)
notwaldorf
96
6.2k
How to Ace a Technical Interview
jacobian
279
23k
Building Flexible Design Systems
yeseniaperezcruz
328
39k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
667
120k
Gamification - CAS2011
davidbonilla
81
5.4k
Unsuck your backbone
ammeep
671
58k
[RailsConf 2023] Rails as a piece of cake
palkan
57
5.8k
Rails Girls Zürich Keynote
gr2m
95
14k
Why You Should Never Use an ORM
jnunemaker
PRO
59
9.5k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
32
1.5k
Speed Design
sergeychernyshev
32
1.1k
Transcript
Oops I Commi*ed My Secret Key Philip James @phildini h*ps:/
/www.wordfugue.com
$ django-admin.py startproject bestthingever $ git init $ git add
. $ git commit -m "Initial commit” $ git push origin master
None
Wait, have I?
YES. Signed Cookies Secure Sessions Password Reset Tokens
What do I do?
import os import warnings from django.core.exceptions import ImproperlyConfigured def get_env_variable(var_name):
""" Get the environment variable or return exception """ try: return os.environ[var_name] except KeyError: error_msg = "Set the %s env variable" % var_name if DEBUG: warnings.warn(error_msg) else: raise ImproperlyConfigured(error_msg)
SECRET_KEY = get_env_variable("SECRET_KEY")
How do I get a new key?
h*p:/ /www.miniwebtool.com/django-secret-key-generator/ $ python manage.py shell >>> from django.utils.crypto import
get_random_string >>> get_random_string(length=50)
What about my users?
OpOonal: No permanent key
Thanks. @phildini h*p:/ /bit.ly/secret-key Come back at 1:15PM for “Cat
on yer head”!