Oops I Committed My Secret Key

July 20, 2016

410

Oops I Committed My Secret Key

Lightning talk given at DjangoCon US 2016

Philip James

July 20, 2016

Tweet

More Decks by Philip James

See All by Philip James

Frog and Toad Learn about Django Security - NBT6

0

26

The Elephant and the Serpent (PyLatam 2019)

0

58

Account Security for the Fashionable App Developer

1

65

All in the Timing: Side-Channel Attacks

0

57

0

42

All in the Timing: Side-Channel Attacks in Python

0

410

API-Driven Django

1

380

Type uWSGI; Press Enter; What Happens?

0

95

Type uWSGI; Press Enter; What Happens?

1

75

Other Decks in Technology

See All in Technology

OPENLOGI Company Profile

0

60k

生成AI×財務経理：PoCで挑むSlack AI Bot開発と現場巻き込みのリアル

1

840

あなたが人生で成功するための5つの普遍的法則 #jawsug #jawsdays2025 / 20250301 HEROZ

2

430

書籍『入門 OpenTelemetry』 / Intro of OpenTelemetry book

4

280

QAエンジニアがスクラムマスターをするといいなぁと思った話

0

200

アジャイルな開発チームでテスト戦略の話は誰がする？ / Who Talks About Test Strategy?

1

870

事業モメンタムを生み出すプロダクト開発

0

110

AWSアカウントのセキュリティ自動化、どこまで進める？　最適な設計と実践ポイント

7

2k

事業を差別化する技術を生み出す技術

2

560

データベースの負荷を紐解く/untangle-the-database-load

2

560

貧民的プログラミングのすすめ

2

220

生成AIがローコードツールになる時代のエンジニアの役割を考える

0

260

Featured

See All Featured

Imperfection Machines: The Place of Print at Facebook

267

13k

Site-Speed That Sticks

4

420

Product Roadmaps are Hard

51

11k

Code Review Best Practice

67

18k

GraphQLとの向き合い方2022年版

44

14k

It's Worth the Effort

184

28k

StorybookのUI Testing Handbookを読んだ

28

5.5k

[RailsConf 2023] Rails as a piece of cake

53

5.3k

Fantastic passwords and where to find them - at NoRuKo

51

3k

Optimizing for Happiness

377

70k

ReactJS: Keep Simple. Everything can be a component!

666

120k

Git: the NoSQL Database

429

65k

Transcript

Oops I Commi*ed My Secret Key Philip James @phildini h*ps:/
/www.wordfugue.com
$ django-admin.py startproject bestthingever $ git init $ git add
. $ git commit -m "Initial commit” $ git push origin master
None
Wait, have I?
YES. Signed Cookies Secure Sessions Password Reset Tokens
What do I do?
import os import warnings from django.core.exceptions import ImproperlyConﬁgured def get_env_variable(var_name):
""" Get the environment variable or return exception """ try: return os.environ[var_name] except KeyError: error_msg = "Set the %s env variable" % var_name if DEBUG: warnings.warn(error_msg) else: raise ImproperlyConﬁgured(error_msg)
SECRET_KEY = get_env_variable("SECRET_KEY")
How do I get a new key?
h*p:/ /www.miniwebtool.com/django-secret-key-generator/ $ python manage.py shell >>> from django.utils.crypto import
get_random_string >>> get_random_string(length=50)
What about my users?
OpOonal: No permanent key
Thanks. @phildini h*p:/ /bit.ly/secret-key Come back at 1:15PM for “Cat
on yer head”!