Oops I Committed My Secret Key
Philip James
July 20, 2016
Lightning talk given at DjangoCon US 2016
Transcript
Oops I Committed My Secret Key
Philip James
@phildini
https://www.wordfugue.com
$ django-admin.py startproject bestthingever
$ git init
$ git add .
$ git commit -m "Initial commit"
$ git push origin master
Wait, have I?
YES.
Signed Cookies
Secure Sessions
Password Reset Tokens
What do I do?
import os
import warnings

from django.core.exceptions import ImproperlyConfigured


def get_env_variable(var_name):
    """Get the environment variable or return exception."""
    try:
        return os.environ[var_name]
    except KeyError:
        error_msg = "Set the %s env variable" % var_name
        # Assumes DEBUG is defined earlier in this settings module.
        if DEBUG:
            warnings.warn(error_msg)
        else:
            raise ImproperlyConfigured(error_msg)


SECRET_KEY = get_env_variable("SECRET_KEY")
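A check that could run before a commit to catch the mistake this talk is about, written as an added example and not taken from the slides: it parses a settings file with Python's `ast` module and reports any `SECRET_KEY` assigned from a string literal, including a literal fallback passed to `os.environ.get` or `os.getenv`. The function names and the sample settings strings are constructed for illustration.

```python
import ast

# Calls whose second argument (or default=) is a fallback value.
ENV_GETTERS = {"get", "getenv"}

# Constructed sample settings files (not real keys).
BAD = 'DEBUG = True\nSECRET_KEY = "constructed-example-not-a-real-key"\n'
GOOD = 'SECRET_KEY = get_env_variable("SECRET_KEY")\n'
FALLBACK = 'import os\nSECRET_KEY = os.environ.get("SECRET_KEY", "constructed-dev-fallback")\n'


def _call_name(node):
    """Return the trailing name of a call target: os.environ.get -> 'get'."""
    func = node.func
    return func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", "")


def _literal_strings(value):
    """Yield non-empty string literals that would end up as the key's value."""
    if isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value:
        yield value.value
    elif isinstance(value, ast.Call) and _call_name(value) in ENV_GETTERS:
        # os.environ.get("SECRET_KEY", "literal") still ships a key in the repo.
        fallbacks = value.args[1:2] + [k.value for k in value.keywords if k.arg == "default"]
        for fallback in fallbacks:
            yield from _literal_strings(fallback)


def find_hardcoded_secret_key(source):
    """Return (line, reason) pairs for SECRET_KEY assignments holding a literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign):
            targets = node.targets
        elif isinstance(node, ast.AnnAssign):
            targets = [node.target]
        else:
            continue
        if not any(isinstance(t, ast.Name) and t.id == "SECRET_KEY" for t in targets):
            continue
        direct = isinstance(node.value, ast.Constant)
        for _ in _literal_strings(node.value):
            findings.append((node.lineno, "literal key" if direct else "literal fallback"))
    return findings


if __name__ == "__main__":
    for name, text in (("BAD", BAD), ("GOOD", GOOD), ("FALLBACK", FALLBACK)):
        print(name, find_hardcoded_secret_key(text))
```

A non-empty result for a staged settings file is the signal to stop the commit; it does not look at history, so a key that was already pushed still needs to be replaced.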
How do I get a new key?
http://www.miniwebtool.com/django-secret-key-generator/

$ python manage.py shell
>>> from django.utils.crypto import get_random_string
>>> get_random_string(length=50)
What about my users?
Optional: No permanent key
Thanks.
@phildini
http://bit.ly/secret-key
Come back at 1:15PM for “Cat on yer head”!