Oops I Committed My Secret Key
Philip James
July 20, 2016
Lightning talk given at DjangoCon US 2016
Transcript
Oops I Committed My Secret Key Philip James @phildini https://www.wordfugue.com
$ django-admin.py startproject bestthingever
$ git init
$ git add .
$ git commit -m "Initial commit"
$ git push origin master
Wait, have I?
YES. Signed Cookies, Secure Sessions, Password Reset Tokens
What do I do?
import os
import warnings

from django.core.exceptions import ImproperlyConfigured


def get_env_variable(var_name):
    """Get the environment variable or raise an exception."""
    try:
        return os.environ[var_name]
    except KeyError:
        error_msg = "Set the %s env variable" % var_name
        # DEBUG must already be defined earlier in settings.py.
        if DEBUG:
            # Development: only warn; the function then returns None.
            warnings.warn(error_msg)
        else:
            # Production: refuse to start without the variable.
            raise ImproperlyConfigured(error_msg)


SECRET_KEY = get_env_variable("SECRET_KEY")
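A check for the "Wait, have I?" question, written as an added example that is not from the talk: it parses a settings file with Python's `ast` module and reports any `SECRET_KEY` assignment that still embeds a string literal, including a literal fallback passed to `os.environ.get`. The function names and the three sample settings strings are constructed for illustration.

```python
import ast

# Constructed sample inputs (not from the talk): a startproject-style settings
# file with a literal key, one using the environment pattern, one with a fallback.
HARDCODED = '''
DEBUG = True
SECRET_KEY = "constructed-example-key-not-a-real-secret"
'''
FROM_ENV = '''
import os
DEBUG = False
SECRET_KEY = get_env_variable("SECRET_KEY")
'''
WITH_DEFAULT = '''
import os
SECRET_KEY = os.environ.get("SECRET_KEY", "constructed-fallback-key")
'''


def _literal_strings(node):
    """Yield every string constant inside an expression node."""
    for child in ast.walk(node):
        if isinstance(child, ast.Constant) and isinstance(child.value, str):
            yield child.value


def find_hardcoded_secret_keys(source, env_name="SECRET_KEY"):
    """Return (line, reason) for each SECRET_KEY assignment embedding a literal.

    The environment variable's own name is the only string allowed on the
    right-hand side; any other literal would end up in version control.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Assign):
            continue
        targets = [t.id for t in node.targets if isinstance(t, ast.Name)]
        if "SECRET_KEY" not in targets:
            continue
        if isinstance(node.value, ast.Constant):
            findings.append((node.lineno, "key is a literal"))
        elif any(s != env_name for s in _literal_strings(node.value)):
            findings.append((node.lineno, "literal fallback value"))
    return findings


if __name__ == "__main__":
    for src in (HARDCODED, FROM_ENV, WITH_DEFAULT):
        print(find_hardcoded_secret_keys(src))
```

A clean result only covers the file as it is now; a key that was committed earlier remains in the repository history and still needs replacing.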
How do I get a new key?
http://www.miniwebtool.com/django-secret-key-generator/
$ python manage.py shell
>>> from django.utils.crypto import get_random_string
>>> get_random_string(length=50)
What about my users?
Optional: No permanent key
Thanks. @phildini http://bit.ly/secret-key Come back at 1:15PM for “Cat on yer head”!