Oops I Committed My Secret Key

July 20, 2016

430

Oops I Committed My Secret Key

Lightning talk given at DjangoCon US 2016

Philip James

July 20, 2016

More Decks by Philip James

See All by Philip James

Frog and Toad Learn about Django Security - NBT6

0

28

The Elephant and the Serpent (PyLatam 2019)

0

70

Account Security for the Fashionable App Developer

1

73

All in the Timing: Side-Channel Attacks

0

70

0

48

All in the Timing: Side-Channel Attacks in Python

0

420

API-Driven Django

1

430

Type uWSGI; Press Enter; What Happens?

0

110

Type uWSGI; Press Enter; What Happens?

1

86

Other Decks in Technology

See All in Technology

ASTのGitHub CopilotとCopilot CLIの現在地をお話しします/How AST Operates GitHub Copilot and Copilot CLI

1

220

AI時代に新卒採用、はじめました/junior-engineer-never-die

0

240

Strands Agents × Amazon Bedrock AgentCoreでパーソナルAIエージェントを作ろう

2

270

Introduction to Bill One Development Engineer

PRO

0

400

NgRx SignalStore: The Power of Extensibility

rainerhahnekamp

0

210

え！？初参加で 300冊以上も頒布！？これは大成功！そのはずなのにわいの財布は赤字の件

0

120

Data Hubグループ紹介資料

PRO

0

2.9k

60分で学ぶ最新Webフロントエンド

PRO

18

8.8k

Bluesky Meetup in Tokyo vol.4 - 2023to2026

0

150

終盤で崩壊させないAI駆動開発

0

500

研究開発部メンバーの働き⽅ / Sansan R&D Profile

PRO

4

23k

DevOpsDays2026 Tokyo Cross-border practices to connect "safety" and "DX" in healthcare

0

130

Featured

See All Featured

The #1 spot is gone: here's how to win anyway

tamaranovitovic

2

1k

Design in an AI World

0

190

Statistics for Hackers

799

230k

SEO Brein meetup: CTRL+C is not how to scale international SEO

1

2.5k

Kristin Tynski - Automating Marketing Tasks With AI

PRO

0

220

Why You Should Never Use an ORM

PRO

61

9.8k

Winning Ecommerce Organic Search in an AI Era - #searchnstuff2025

1

2k

Redefining SEO in the New Era of Traffic Generation

1

270

コードの90%をAIが書く世界で何が待っているのか / What awaits us in a world where 90% of the code is written by AI

61

43k

The Hidden Cost of Media on the Web [PixelPalooza 2025]

2

260

Un-Boring Meetings

0

260

Getting science done with accelerated Python computing platforms

2

160

Transcript

Oops I Commi*ed My Secret Key Philip James @phildini h*ps:/
/www.wordfugue.com
$ django-admin.py startproject bestthingever $ git init $ git add
. $ git commit -m "Initial commit” $ git push origin master
None
Wait, have I?
YES. Signed Cookies Secure Sessions Password Reset Tokens
What do I do?
import os import warnings from django.core.exceptions import ImproperlyConﬁgured def get_env_variable(var_name):
""" Get the environment variable or return exception """ try: return os.environ[var_name] except KeyError: error_msg = "Set the %s env variable" % var_name if DEBUG: warnings.warn(error_msg) else: raise ImproperlyConﬁgured(error_msg)
SECRET_KEY = get_env_variable("SECRET_KEY")
How do I get a new key?
h*p:/ /www.miniwebtool.com/django-secret-key-generator/ $ python manage.py shell >>> from django.utils.crypto import
get_random_string >>> get_random_string(length=50)
What about my users?
OpOonal: No permanent key
Thanks. @phildini h*p:/ /bit.ly/secret-key Come back at 1:15PM for “Cat
on yer head”!