Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Speaker Deck
PRO
Sign in
Sign up
for free
Oops I Committed My Secret Key
Philip James
July 20, 2016
Technology
0
110
Oops I Committed My Secret Key
Lightning talk given at DjangoCon US 2016
Philip James
July 20, 2016
Tweet
Share
More Decks by Philip James
See All by Philip James
phildini
0
25
phildini
1
25
phildini
0
26
phildini
0
27
phildini
0
250
phildini
1
180
phildini
0
69
phildini
1
55
phildini
0
110
Other Decks in Technology
See All in Technology
kanaugust
PRO
0
160
hacker2202
0
760
sat
1
980
kentaro
1
390
hecateball
1
12k
kaga
0
190
minamizaki
0
580
clustervr
0
200
satotakeshi
2
420
cmwatanabeseigo
0
330
shomaekawa
3
1.1k
clustervr
0
190
Featured
See All Featured
rmw
11
740
schacon
145
6.6k
brianwarren
83
4.7k
wjessup
338
16k
erikaheidi
13
4.2k
mongodb
23
3.8k
geeforr
332
29k
samanthasiow
56
6.3k
marcelosomers
220
15k
morganepeng
17
1.1k
addyosmani
494
110k
hatefulcrawdad
257
17k
Transcript
Oops I Commi*ed My Secret Key Philip James @phildini h*ps:/
/www.wordfugue.com
$ django-admin.py startproject bestthingever $ git init $ git add
. $ git commit -m "Initial commit” $ git push origin master
None
Wait, have I?
YES. Signed Cookies Secure Sessions Password Reset Tokens
What do I do?
import os import warnings from django.core.exceptions import ImproperlyConfigured def get_env_variable(var_name):
""" Get the environment variable or return exception """ try: return os.environ[var_name] except KeyError: error_msg = "Set the %s env variable" % var_name if DEBUG: warnings.warn(error_msg) else: raise ImproperlyConfigured(error_msg)
SECRET_KEY = get_env_variable("SECRET_KEY")
How do I get a new key?
h*p:/ /www.miniwebtool.com/django-secret-key-generator/ $ python manage.py shell >>> from django.utils.crypto import
get_random_string >>> get_random_string(length=50)
What about my users?
OpOonal: No permanent key
Thanks. @phildini h*p:/ /bit.ly/secret-key Come back at 1:15PM for “Cat
on yer head”!