Oops I Committed My Secret Key

July 20, 2016

420

Oops I Committed My Secret Key

Lightning talk given at DjangoCon US 2016

Philip James

July 20, 2016

Tweet

More Decks by Philip James

See All by Philip James

Frog and Toad Learn about Django Security - NBT6

0

26

The Elephant and the Serpent (PyLatam 2019)

0

67

Account Security for the Fashionable App Developer

1

66

All in the Timing: Side-Channel Attacks

0

66

0

45

All in the Timing: Side-Channel Attacks in Python

0

420

API-Driven Django

1

400

Type uWSGI; Press Enter; What Happens?

0

97

Type uWSGI; Press Enter; What Happens?

1

79

Other Decks in Technology

See All in Technology

RDS の負荷が高い場合に AWS で取りうる具体策 N 連発/a-series-of-specific-countermeasures-available-on-aws-when-rds-is-under-high-load

7

4.5k

AI時代、“平均値”ではいられない

8

1.9k

NLPコロキウム20251022_超効率化への挑戦: LLM 1bit量子化のロードマップ

1

170

Introduction to Sansan, inc / Sansan Global Development Center, Inc.

PRO

0

2.8k

JSConf JPのwebsiteをGatsbyからNext.jsに移行した話 - Next.jsの多言語静的サイトと課題

2

180

「最速」で Gemini CLI を使いこなそう！〜Cloud Shell/Cloud Run の活用〜 / The Fastest Way to Master the Gemini CLI — with Cloud Shell and Cloud Run

PRO

0

140

Oracle Base Database Service 技術詳細

oracle4engineer

PRO

12

81k

Copilot Studio ハンズオン - 生成オーケストレーションモード

tomoyasasakimskk

0

190

Introduction to Bill One Development Engineer

PRO

0

300

クラウドとリアルの融合により、製造業はどう変わるのか？〜クラスメソッドの製造業への取組と共に〜

0

320

Implementing and Evaluating a High-Level Language with WasmGC and the Wasm Component Model: Scala’s Case

0

170

だいたい分かった気になる『SREの知識地図』 / introduction-to-sre-knowledge-map-book

PRO

3

1.1k

Featured

See All Featured

XXLCSS - How to scale CSS and keep your sanity

249

1.3M

Balancing Empowerment & Direction

5

700

Agile that works and the tools we love

331

21k

Building a Scalable Design System with Sketch

463

33k

Automating Front-end Workflow

1371

200k

YesSQL, Process and Tooling at Scale

173

15k

It's Worth the Effort

187

28k

Design and Strategy: How to Deal with People Who Don’t "Get" Design

132

19k

Testing 201, or: Great Expectations

45

7.7k

The MySQL Ecosystem @ GitHub 2015

251

13k

[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails

37

2.6k

Building Adaptive Systems

44

2.8k

Transcript

Oops I Commi*ed My Secret Key Philip James @phildini h*ps:/
/www.wordfugue.com
$ django-admin.py startproject bestthingever $ git init $ git add
. $ git commit -m "Initial commit” $ git push origin master
None
Wait, have I?
YES. Signed Cookies Secure Sessions Password Reset Tokens
What do I do?
import os import warnings from django.core.exceptions import ImproperlyConﬁgured def get_env_variable(var_name):
""" Get the environment variable or return exception """ try: return os.environ[var_name] except KeyError: error_msg = "Set the %s env variable" % var_name if DEBUG: warnings.warn(error_msg) else: raise ImproperlyConﬁgured(error_msg)
SECRET_KEY = get_env_variable("SECRET_KEY")
How do I get a new key?
h*p:/ /www.miniwebtool.com/django-secret-key-generator/ $ python manage.py shell >>> from django.utils.crypto import
get_random_string >>> get_random_string(length=50)
What about my users?
OpOonal: No permanent key
Thanks. @phildini h*p:/ /bit.ly/secret-key Come back at 1:15PM for “Cat
on yer head”!