Oops I Committed My Secret Key
Philip James
July 20, 2016
Lightning talk given at DjangoCon US 2016
Transcript
Oops I Committed My Secret Key
Philip James
@phildini
https://www.wordfugue.com
$ django-admin.py startproject bestthingever
$ git init
$ git add .
$ git commit -m "Initial commit"
$ git push origin master
Wait, have I?
YES.
Signed Cookies
Secure Sessions
Password Reset Tokens
What do I do?
import os
import warnings

from django.core.exceptions import ImproperlyConfigured


def get_env_variable(var_name):
    """ Get the environment variable or return exception """
    try:
        return os.environ[var_name]
    except KeyError:
        error_msg = "Set the %s env variable" % var_name
        # DEBUG is the settings module's own flag and must be defined above
        # the first call. With DEBUG on, a missing variable only warns and
        # the function returns None.
        if DEBUG:
            warnings.warn(error_msg)
        else:
            raise ImproperlyConfigured(error_msg)


SECRET_KEY = get_env_variable("SECRET_KEY")
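A check that catches the mistake above before it is committed again, as an added example (not code from the talk): it parses a settings module with Python's ast and reports lines where SECRET_KEY is bound to a string literal, including a literal fallback passed to an environment lookup. The sample settings, function names and script name are constructed for illustration.

```python
import ast
import sys

# Constructed sample settings modules (not from the talk) to exercise the check.
SAMPLES = {
    "literal": 'SECRET_KEY = "abc123-constructed-example"\n',
    "env_with_fallback": 'import os\nSECRET_KEY = os.environ.get("SECRET_KEY", "dev-fallback")\n',
    "env_only": 'SECRET_KEY = get_env_variable("SECRET_KEY")\n',
}


def _literal_strings(value):
    """Collect non-empty string literals that could end up as the key value."""
    if isinstance(value, ast.Constant) and isinstance(value.value, str):
        return [value.value] if value.value else []
    if isinstance(value, ast.BoolOp):  # e.g. os.environ.get("X") or "fallback"
        return [s for v in value.values for s in _literal_strings(v)]
    if isinstance(value, ast.Call):
        # Assumption: the first positional argument names the variable to look
        # up; any later literal argument is a default that would become the key.
        candidates = value.args[1:] + [kw.value for kw in value.keywords]
        return [s for c in candidates for s in _literal_strings(c)]
    return []


def find_hardcoded_secret_key(source):
    """Return sorted line numbers where SECRET_KEY is bound to a string literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign):
            targets, value = node.targets, node.value
        elif isinstance(node, ast.AnnAssign) and node.value is not None:
            targets, value = [node.target], node.value
        else:
            continue
        is_key = any(isinstance(t, ast.Name) and t.id == "SECRET_KEY" for t in targets)
        if is_key and _literal_strings(value):
            findings.append(node.lineno)
    return sorted(findings)


if __name__ == "__main__":
    # Usage (script name is hypothetical): python check_secret_key.py settings.py
    failed = False
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as handle:
            for lineno in find_hardcoded_secret_key(handle.read()):
                print(f"{path}:{lineno}: SECRET_KEY is a hard-coded string")
                failed = True
    sys.exit(1 if failed else 0)
```

The script exits non-zero on a finding, so it can run as a pre-commit hook or CI step; it inspects only the file as it is now, not earlier commits.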
How do I get a new key?
http://www.miniwebtool.com/django-secret-key-generator/
$ python manage.py shell
>>> from django.utils.crypto import get_random_string
>>> get_random_string(length=50)
What about my users?
Optional: No permanent key
Thanks.
@phildini
http://bit.ly/secret-key
Come back at 1:15PM for “Cat on yer head”!