Lock in $30 Savings on PRO—Offer Ends Soon! ⏳
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Oops I Committed My Secret Key
Search
Philip James
July 20, 2016
Technology
0
420
Oops I Committed My Secret Key
Lightning talk given at DjangoCon US 2016
Philip James
July 20, 2016
Tweet
Share
More Decks by Philip James
See All by Philip James
Frog and Toad Learn about Django Security - NBT6
phildini
0
27
The Elephant and the Serpent (PyLatam 2019)
phildini
0
68
Account Security for the Fashionable App Developer
phildini
1
70
All in the Timing: Side-Channel Attacks
phildini
0
67
Giving Thanks
phildini
0
46
All in the Timing: Side-Channel Attacks in Python
phildini
0
420
API-Driven Django
phildini
1
410
Type uWSGI; Press Enter; What Happens?
phildini
0
100
Type uWSGI; Press Enter; What Happens?
phildini
1
81
Other Decks in Technology
See All in Technology
生成AIでテスト設計はどこまでできる? 「テスト粒度」を操るテーラリング術
shota_kusaba
0
390
プロダクトマネージャーが押さえておくべき、ソフトウェア資産とAIエージェント投資効果 / pmconf2025
i35_267
2
550
Agentic AI Patterns and Anti-Patterns
glaforge
1
170
ガバメントクラウド利用システムのライフサイクルについて
techniczna
0
160
21st ACRi Webinar - AMD Presentation Slide (Nao Sumikawa)
nao_sumikawa
0
230
シンプルを極める。アンチパターンなDB設計の本質
facilo_inc
2
1.7k
SSO方式とJumpアカウント方式の比較と設計方針
yuobayashi
5
200
ML PM Talk #1 - ML PMの分類に関する考察
lycorptech_jp
PRO
1
650
第4回 「メタデータ通り」 リアル開催
datayokocho
0
110
エンジニアリングマネージャー はじめての目標設定と評価
halkt
0
230
Oracle Database@Google Cloud:サービス概要のご紹介
oracle4engineer
PRO
0
680
Ryzen NPUにおけるAI Engineプログラミング
anjn
0
250
Featured
See All Featured
Producing Creativity
orderedlist
PRO
348
40k
GitHub's CSS Performance
jonrohan
1032
470k
We Have a Design System, Now What?
morganepeng
54
7.9k
Visualization
eitanlees
150
16k
Building Flexible Design Systems
yeseniaperezcruz
329
39k
Typedesign – Prime Four
hannesfritz
42
2.9k
How Fast Is Fast Enough? [PerfNow 2025]
tammyeverts
3
380
Context Engineering - Making Every Token Count
addyosmani
9
490
Designing Experiences People Love
moore
143
24k
Writing Fast Ruby
sferik
630
62k
Optimising Largest Contentful Paint
csswizardry
37
3.5k
Large-scale JavaScript Application Architecture
addyosmani
514
110k
Transcript
Oops I Commi*ed My Secret Key Philip James @phildini h*ps:/
/www.wordfugue.com
$ django-admin.py startproject bestthingever $ git init $ git add
. $ git commit -m "Initial commit” $ git push origin master
None
Wait, have I?
YES. Signed Cookies Secure Sessions Password Reset Tokens
What do I do?
import os import warnings from django.core.exceptions import ImproperlyConfigured def get_env_variable(var_name):
""" Get the environment variable or return exception """ try: return os.environ[var_name] except KeyError: error_msg = "Set the %s env variable" % var_name if DEBUG: warnings.warn(error_msg) else: raise ImproperlyConfigured(error_msg)
SECRET_KEY = get_env_variable("SECRET_KEY")
How do I get a new key?
h*p:/ /www.miniwebtool.com/django-secret-key-generator/ $ python manage.py shell >>> from django.utils.crypto import
get_random_string >>> get_random_string(length=50)
What about my users?
OpOonal: No permanent key
Thanks. @phildini h*p:/ /bit.ly/secret-key Come back at 1:15PM for “Cat
on yer head”!
phildini
shota_kusaba
i35_267
glaforge
techniczna
nao_sumikawa
facilo_inc
yuobayashi
lycorptech_jp
datayokocho
halkt
oracle4engineer
anjn
orderedlist
jonrohan
morganepeng
eitanlees
yeseniaperezcruz
hannesfritz
tammyeverts
addyosmani
moore
sferik
csswizardry
