Oops I Committed My Secret Key
Philip James
July 20, 2016
Lightning talk given at DjangoCon US 2016
Transcript
Oops I Committed My Secret Key
Philip James
@phildini
https://www.wordfugue.com
$ django-admin.py startproject bestthingever
$ git init
$ git add .
$ git commit -m "Initial commit"
$ git push origin master
Wait, have I?
YES. Signed Cookies, Secure Sessions, Password Reset Tokens
What do I do?
import os
import warnings

from django.core.exceptions import ImproperlyConfigured


def get_env_variable(var_name):
    """ Get the environment variable or return exception """
    try:
        return os.environ[var_name]
    except KeyError:
        error_msg = "Set the %s env variable" % var_name
        # DEBUG is assumed to be defined earlier in this settings module.
        if DEBUG:
            # Warn only; the function then returns None.
            warnings.warn(error_msg)
        else:
            raise ImproperlyConfigured(error_msg)


SECRET_KEY = get_env_variable("SECRET_KEY")
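
A check that could run before a commit, added here as an example and not taken from the talk: it parses a settings file and flags any SECRET_KEY assignment that embeds a string literal, including a literal fallback passed to os.environ.get() or os.getenv(). The name find_committed_keys and the sample settings files are constructed for illustration.

```python
import ast

# Constructed settings files for the demo (not from the talk); keys are fake.
SAMPLES = {
    "hardcoded.py": 'DEBUG = True\nSECRET_KEY = "constructed-not-a-real-key"\n',
    "fallback.py": 'import os\nSECRET_KEY = os.environ.get("SECRET_KEY", "constructed-dev-key")\n',
    "env_only.py": 'import os\nSECRET_KEY = os.environ["SECRET_KEY"]\n',
    "helper.py": 'SECRET_KEY = get_env_variable("SECRET_KEY")\n',
}


def _is_str(node):
    return isinstance(node, ast.Constant) and isinstance(node.value, str)


def _env_default(call):
    """Return the default-argument node of os.environ.get()/os.getenv(), or None."""
    if ast.unparse(call.func) not in ("os.environ.get", "os.getenv"):
        return None
    if len(call.args) >= 2:
        return call.args[1]
    return next((kw.value for kw in call.keywords if kw.arg == "default"), None)


def find_committed_keys(source, filename="settings.py"):
    """Return (filename, line, reason) for SECRET_KEY assignments that embed a literal."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Assign):
            targets = node.targets
        elif isinstance(node, ast.AnnAssign) and node.value is not None:
            targets = [node.target]
        else:
            continue
        if not any(isinstance(t, ast.Name) and t.id == "SECRET_KEY" for t in targets):
            continue
        value = node.value
        if _is_str(value):
            findings.append((filename, node.lineno, "hard-coded literal"))
        elif isinstance(value, ast.Call) and _is_str(_env_default(value)):
            # An env lookup with a literal default still ships a usable key in the repo.
            findings.append((filename, node.lineno, "literal fallback default"))
    return findings


if __name__ == "__main__":
    for name, text in SAMPLES.items():
        for finding in find_committed_keys(text, name):
            print("%s:%d: SECRET_KEY %s" % finding)
```

A clean result only covers the file as it stands now; a key that was already pushed stays in the repository history and still has to be replaced.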
How do I get a new key?
http://www.miniwebtool.com/django-secret-key-generator/
$ python manage.py shell
>>> from django.utils.crypto import get_random_string
>>> get_random_string(length=50)
What about my users?
Optional: No permanent key
Thanks.
@phildini
http://bit.ly/secret-key
Come back at 1:15PM for “Cat on yer head”!