Oops I Committed My Secret Key

July 20, 2016

400

Oops I Committed My Secret Key

Lightning talk given at DjangoCon US 2016

Philip James

July 20, 2016

Tweet

More Decks by Philip James

See All by Philip James

Frog and Toad Learn about Django Security - NBT6

0

25

The Elephant and the Serpent (PyLatam 2019)

0

50

Account Security for the Fashionable App Developer

1

64

All in the Timing: Side-Channel Attacks

0

56

0

42

All in the Timing: Side-Channel Attacks in Python

0

410

API-Driven Django

1

360

Type uWSGI; Press Enter; What Happens?

0

93

Type uWSGI; Press Enter; What Happens?

1

74

Other Decks in Technology

See All in Technology

[Ruby] Develop a Morse Code Learning Gem & Beep from Strings

1

200

サーバーなしでWordPress運用、できますよ。

0

140

ISUCON、今年も参加してみた / ISUCON, I challenged it again this year.

0

110

スタートアップで取り組んでいるAzureとMicrosoft 365のセキュリティ対策/How to Improve Azure and Microsoft 365 Security at Startup

0

250

生成AIのガバナンスの全体像と現実解

1

230

[トレノケ雲の会 mod.13] 3回目のre:Inventで気づいたこと -CloudOperationsを添えて-

shintaro_fukatsu

0

110

ハイテク休憩

2

190

サイボウズフロントエンドエキスパートチームについて / FrontendExpert Team

cybozuinsideout

5

39k

成果を出しながら成長する、アウトプット駆動のキャッチアップ術 / Output-driven catch-up techniques to grow while producing results

0

410

MasterMemory v3 最速確認会

0

230

Zero Data Loss Autonomous Recovery Service サービス概要

oracle4engineer

1

4.8k

生成AIをより賢くエンジニアのための RAG入門 - Oracle AI Jam Session #20

4

320

Featured

See All Featured

146

15k

Building Adaptive Systems

38

2.3k

29

950

I Don’t Have Time: Getting Over the Fear to Launch Your Podcast

29

2k

Why You Should Never Use an ORM

54

9.1k

Building a Modern Day  E-commerce SEO Strategy

38

7k

Code Review Best Practice

65

17k

Chrome DevTools: State of the Union 2024 - Debugging React & Beyond

3

190

34

3.1k

RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub

132

33k

実際に使うSQLの書き方徹底解説 / pgcon21j-tutorial

171

50k

StorybookのUI Testing Handbookを読んだ

28

5.4k

Transcript

Oops I Commi*ed My Secret Key Philip James @phildini h*ps:/
/www.wordfugue.com
$ django-admin.py startproject bestthingever $ git init $ git add
. $ git commit -m "Initial commit” $ git push origin master
None
Wait, have I?
YES. Signed Cookies Secure Sessions Password Reset Tokens
What do I do?
import os import warnings from django.core.exceptions import ImproperlyConﬁgured def get_env_variable(var_name):
""" Get the environment variable or return exception """ try: return os.environ[var_name] except KeyError: error_msg = "Set the %s env variable" % var_name if DEBUG: warnings.warn(error_msg) else: raise ImproperlyConﬁgured(error_msg)
SECRET_KEY = get_env_variable("SECRET_KEY")
How do I get a new key?
h*p:/ /www.miniwebtool.com/django-secret-key-generator/ $ python manage.py shell >>> from django.utils.crypto import
get_random_string >>> get_random_string(length=50)
What about my users?
OpOonal: No permanent key
Thanks. @phildini h*p:/ /bit.ly/secret-key Come back at 1:15PM for “Cat
on yer head”!