Oops I Committed My Secret Key

July 20, 2016

420

Oops I Committed My Secret Key

Lightning talk given at DjangoCon US 2016

Philip James

July 20, 2016

Tweet

More Decks by Philip James

See All by Philip James

Frog and Toad Learn about Django Security - NBT6

0

27

The Elephant and the Serpent (PyLatam 2019)

0

68

Account Security for the Fashionable App Developer

1

68

All in the Timing: Side-Channel Attacks

0

67

0

45

All in the Timing: Side-Channel Attacks in Python

0

420

API-Driven Django

1

410

Type uWSGI; Press Enter; What Happens?

0

99

Type uWSGI; Press Enter; What Happens?

1

80

Other Decks in Technology

See All in Technology

Amazon ECS デプロイツール ecspresso の開発を支える「正しい抽象化」の探求 / YAPC::Fukuoka 2025

13

3.7k

Black Hat USA 2025 Recap ~ クラウドセキュリティ編 ~

0

550

Devoxx Morocco 2025 - Like Spring but faster: The new Java Jedi

PRO

0

100

ステートレスなLLMでステートフルなAI agentを作る - YAPC::Fukuoka 2025

8

1.3k

重厚長大企業で、顧客価値をスケールさせるためのプロダクトづくりとプロダクト開発チームづくりの裏側 / Developers X Summit 2025

0

140

グローバルなコンパウンド戦略を支えるモジュラーモノリスとドメイン駆動設計

1

390

AI時代の戦略的アーキテクチャ〜Adaptable AI をアーキテクチャで実現する〜 / Enabling Adaptable AI Through Strategic Architecture

PRO

4

130

マーケットプレイス版Oracle WebCenter Content For OCI

oracle4engineer

PRO

4

1.3k

技術広報のOKRで生み出す開発組織への価値〜カンファレンス協賛を通して育む学びの文化〜 / Creating Value for Development Organisations Through Technical Communications OKRs — Nurturing a Culture of Learning Through Conference Sponsorship —

5

380

Javaコミュニティの歩き方～参加から貢献まで、すべて教えます～

0

130

Capitole du Libre 2025 - Keynote - Cloud du Coeur

0

110

Introducing RFC9111 / YAPC::Fukuoka 2025

1

270

Featured

See All Featured

Balancing Empowerment & Direction

5

750

The Psychology of Web Performance [Beyond Tellerrand 2023]

49

3.2k

The MySQL Ecosystem @ GitHub 2015

251

13k

PRO

29

5.6k

YesSQL, Process and Tooling at Scale

174

15k

Site-Speed That Sticks

13

960

Building Applications with DynamoDB

96

6.8k

Faster Mobile Websites

310

31k

Practical Tips for Bootstrapping Information Extraction Pipelines

24

1.6k

[RailsConf 2023 Opening Keynote] The Magic of Rails

31

9.7k

30

1.3k

Chrome DevTools: State of the Union 2024 - Debugging React & Beyond

9

970

Transcript

Oops I Commi*ed My Secret Key Philip James @phildini h*ps:/
/www.wordfugue.com
$ django-admin.py startproject bestthingever $ git init $ git add
. $ git commit -m "Initial commit” $ git push origin master
None
Wait, have I?
YES. Signed Cookies Secure Sessions Password Reset Tokens
What do I do?
import os import warnings from django.core.exceptions import ImproperlyConﬁgured def get_env_variable(var_name):
""" Get the environment variable or return exception """ try: return os.environ[var_name] except KeyError: error_msg = "Set the %s env variable" % var_name if DEBUG: warnings.warn(error_msg) else: raise ImproperlyConﬁgured(error_msg)
SECRET_KEY = get_env_variable("SECRET_KEY")
How do I get a new key?
h*p:/ /www.miniwebtool.com/django-secret-key-generator/ $ python manage.py shell >>> from django.utils.crypto import
get_random_string >>> get_random_string(length=50)
What about my users?
OpOonal: No permanent key
Thanks. @phildini h*p:/ /bit.ly/secret-key Come back at 1:15PM for “Cat
on yer head”!