Oops I Committed My Secret Key

Lightning talk given at DjangoCon US 2016

Philip James

July 20, 2016

Tweet

More Decks by Philip James

See All by Philip James

Frog and Toad Learn about Django Security - NBT6

0

28

The Elephant and the Serpent (PyLatam 2019)

0

69

Account Security for the Fashionable App Developer

1

72

All in the Timing: Side-Channel Attacks

0

68

0

46

All in the Timing: Side-Channel Attacks in Python

0

420

API-Driven Django

1

430

Type uWSGI; Press Enter; What Happens?

0

110

Type uWSGI; Press Enter; What Happens?

1

84

Other Decks in Technology

See All in Technology

生成AI活用によるPRレビュー改善の歩み

PRO

4

2k

Introduction to Bill One Development Engineer

PRO

0

380

Data Hubグループ紹介資料

PRO

0

2.8k

技術的負債の泥沼から組織を救う3つの転換点

4

470

AI Coding Agentの地殻変動～ ai-coding.info の定点観測～

1

500

Snowflake Night #2 LT

taromatsui_cccmkhd

0

310

Eight Engineering Unit 紹介資料

PRO

1

6.9k

LINEヤフーにおけるAI駆動開発組織のプロデュース施策

PRO

0

380

JAWS DAYS 2026 CDP道場事前説明会 / JAWS DAYS 2026 CDP Dojo briefing document

0

110

Introduction to Sansan for Engineers / エンジニア向け会社紹介

PRO

6

71k

EMからVPoEを経てCTOへ：マネジメントキャリアパスにおける葛藤と成長

PRO

3

150

三菱UFJ銀行におけるエンタープライズAI駆動開発のリアル / Enterprise AI_Driven Development at MUFG Bank: The Real Story

10

20k

Featured

See All Featured

Cheating the UX When There Is Nothing More to Optimize - PixelPioneers

stephaniewalter

287

14k

Practical Orchestrator

191

11k

The SEO identity crisis: Don't let AI make you average

0

400

The Anti-SEO Checklist Checklist. Pubcon Cyber Week

0

85

[RailsConf 2023] Rails as a piece of cake

59

6.3k

CSS Pre-Processors: Stylus, Less & Sass

360

30k

Performance Is Good for Brains [We Love Speed 2024]

12

1.4k

1

480

Into the Great Unknown - MozCon

40

2.3k

Ethics towards AI in product and experience design

2

210

Building the Perfect Custom Keyboard

2

700

The untapped power of vector embeddings

2

1.6k

Transcript

Oops I Commi*ed My Secret Key Philip James @phildini h*ps:/
/www.wordfugue.com
$ django-admin.py startproject bestthingever $ git init $ git add
. $ git commit -m "Initial commit” $ git push origin master
None
Wait, have I?
YES. Signed Cookies Secure Sessions Password Reset Tokens
What do I do?
import os import warnings from django.core.exceptions import ImproperlyConﬁgured def get_env_variable(var_name):
""" Get the environment variable or return exception """ try: return os.environ[var_name] except KeyError: error_msg = "Set the %s env variable" % var_name if DEBUG: warnings.warn(error_msg) else: raise ImproperlyConﬁgured(error_msg)
SECRET_KEY = get_env_variable("SECRET_KEY")
How do I get a new key?
h*p:/ /www.miniwebtool.com/django-secret-key-generator/ $ python manage.py shell >>> from django.utils.crypto import
get_random_string >>> get_random_string(length=50)
What about my users?
OpOonal: No permanent key
Thanks. @phildini h*p:/ /bit.ly/secret-key Come back at 1:15PM for “Cat
on yer head”!