Oops I Committed My Secret Key

July 20, 2016

410

Oops I Committed My Secret Key

Lightning talk given at DjangoCon US 2016

Philip James

July 20, 2016

Tweet

More Decks by Philip James

See All by Philip James

Frog and Toad Learn about Django Security - NBT6

0

26

The Elephant and the Serpent (PyLatam 2019)

0

67

Account Security for the Fashionable App Developer

1

66

All in the Timing: Side-Channel Attacks

0

60

0

45

All in the Timing: Side-Channel Attacks in Python

0

410

API-Driven Django

1

390

Type uWSGI; Press Enter; What Happens?

0

95

Type uWSGI; Press Enter; What Happens?

1

75

Other Decks in Technology

See All in Technology

Amplifyとゼロからはじめた AIコーディング成果と展望

1

340

菸酒生在 LINE Taiwan 的後端雙刀流

line_developers_tw

0

910

ユーザーのプロフィールデータを活用した推薦精度向上の取り組み

0

450

工具人的一生: 開發很多 AI 工具讓我慵懶過一生

line_developers_tw

0

910

Devin(Deep) Wiki/Searchの活用で変わる開発の世界観/devin-wiki-search-impact

0

770

讓測試不再 BB！從 BDD 到 CI/CD，不靠人力也能 MVP

line_developers_tw

0

940

Model Mondays S2E01: Advanced Reasoning

0

430

Snowflake Intelligenceで実現できるノーコードAI活用

takumimukaiyama

1

290

データプラットフォーム技術におけるメダリオンアーキテクチャという考え方/DataPlatformWithMedallionArchitecture

4

370

從四件事帶你見識見識事件驅動架構設計 (EDA)

line_developers_tw

0

820

成立するElixirの再束縛（再代入）可という選択

0

510

自分を理解するAI時代の準備〜マイプロフィールMCPの実装〜

0

110

Featured

See All Featured

Designing for humans not robots

253

25k

Save Time (by Creating Custom Rails Generators)

31

1.2k

Raft: Consensus for Rubyists

140

7k

Cheating the UX When There Is Nothing More to Optimize - PixelPioneers

stephaniewalter

281

13k

It's Worth the Effort

184

28k

How STYLIGHT went responsive

100

5.6k

The Art of Delivering Value - GDevCon NA Keynote

15

1.5k

YesSQL, Process and Tooling at Scale

172

14k

Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure

46

9.6k

Thoughts on Productivity

69

4.7k

Practical Tips for Bootstrapping Information Extraction Pipelines

20

1.3k

Facilitating Awesome Meetings

54

6.4k

Transcript

Oops I Commi*ed My Secret Key Philip James @phildini h*ps:/
/www.wordfugue.com
$ django-admin.py startproject bestthingever $ git init $ git add
. $ git commit -m "Initial commit” $ git push origin master
None
Wait, have I?
YES. Signed Cookies Secure Sessions Password Reset Tokens
What do I do?
import os import warnings from django.core.exceptions import ImproperlyConﬁgured def get_env_variable(var_name):
""" Get the environment variable or return exception """ try: return os.environ[var_name] except KeyError: error_msg = "Set the %s env variable" % var_name if DEBUG: warnings.warn(error_msg) else: raise ImproperlyConﬁgured(error_msg)
SECRET_KEY = get_env_variable("SECRET_KEY")
How do I get a new key?
h*p:/ /www.miniwebtool.com/django-secret-key-generator/ $ python manage.py shell >>> from django.utils.crypto import
get_random_string >>> get_random_string(length=50)
What about my users?
OpOonal: No permanent key
Thanks. @phildini h*p:/ /bit.ly/secret-key Come back at 1:15PM for “Cat
on yer head”!