Oops I Committed My Secret Key
Philip James
July 20, 2016
Lightning talk given at DjangoCon US 2016
Transcript
Oops I Committed My Secret Key Philip James @phildini https://www.wordfugue.com
$ django-admin.py startproject bestthingever
$ git init
$ git add .
$ git commit -m "Initial commit"
$ git push origin master
Wait, have I?
YES. Signed Cookies, Secure Sessions, Password Reset Tokens
What do I do?
import os
import warnings

from django.core.exceptions import ImproperlyConfigured


def get_env_variable(var_name):
    """Get the environment variable or return exception"""
    try:
        return os.environ[var_name]
    except KeyError:
        error_msg = "Set the %s env variable" % var_name
        # DEBUG is assumed to be defined earlier in settings.py.
        if DEBUG:
            # Development: warn only; the function then returns None.
            warnings.warn(error_msg)
        else:
            # Production: refuse to start without the variable.
            raise ImproperlyConfigured(error_msg)


SECRET_KEY = get_env_variable("SECRET_KEY")
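A way to check whether a settings file still carries the key in source, as an added example that is not from the talk. The function names and the sample settings strings are assumptions constructed for illustration; it also flags a literal fallback passed to os.environ.get or os.getenv, which commits a key just the same.

```python
import ast

WATCHED = ("SECRET_KEY",)  # setting names to check (assumption: extend as needed)

def _literal(node):
    """True if the expression is a non-empty string or bytes literal."""
    return (isinstance(node, ast.Constant)
            and isinstance(node.value, (str, bytes))
            and len(node.value) > 0)

def _literal_default(node):
    """True for os.environ.get(name, "literal") or os.getenv(name, "literal")."""
    return (isinstance(node, ast.Call)
            and isinstance(node.func, ast.Attribute)
            and node.func.attr in ("get", "getenv")
            and len(node.args) == 2
            and _literal(node.args[1]))

def hardcoded_secrets(source, names=WATCHED):
    """Return sorted [(name, lineno)] for watched settings assigned a literal value."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Assign):
            continue
        for target in node.targets:
            if (isinstance(target, ast.Name) and target.id in names
                    and (_literal(node.value) or _literal_default(node.value))):
                findings.append((target.id, node.lineno))
    return sorted(findings, key=lambda f: f[1])

# Constructed sample settings modules (not from the talk).
COMMITTED = 'DEBUG = True\nSECRET_KEY = "constructed-example-not-a-real-key"\n'
FALLBACK = 'import os\nSECRET_KEY = os.environ.get("SECRET_KEY", "constructed-dev-key")\n'
FROM_ENV = 'import os\nSECRET_KEY = os.environ["SECRET_KEY"]\n'
HELPER = 'SECRET_KEY = get_env_variable("SECRET_KEY")\n'

if __name__ == "__main__":
    samples = (("committed", COMMITTED), ("fallback", FALLBACK),
               ("from_env", FROM_ENV), ("helper", HELPER))
    for label, src in samples:
        print(label, hardcoded_secrets(src))
```

This inspects the current file contents only; a key it finds is also in the repository history, so it still has to be replaced with a new one.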
How do I get a new key?
http://www.miniwebtool.com/django-secret-key-generator/
$ python manage.py shell
>>> from django.utils.crypto import get_random_string
>>> get_random_string(length=50)
What about my users?
Optional: No permanent key
Thanks. @phildini http://bit.ly/secret-key Come back at 1:15PM for “Cat on yer head”!