Oops I Committed My Secret Key
Philip James
July 20, 2016
Lightning talk given at DjangoCon US 2016
Transcript
Oops I Committed My Secret Key
Philip James
@phildini
https://www.wordfugue.com
$ django-admin.py startproject bestthingever
$ git init
$ git add .
$ git commit -m "Initial commit"
$ git push origin master
Wait, have I?
YES. Signed Cookies, Secure Sessions, Password Reset Tokens
What do I do?
import os
import warnings

from django.core.exceptions import ImproperlyConfigured


def get_env_variable(var_name):
    """ Get the environment variable or return exception """
    try:
        return os.environ[var_name]
    except KeyError:
        error_msg = "Set the %s env variable" % var_name
        # DEBUG must already be defined earlier in this settings module.
        if DEBUG:
            # Development: warn only; the function then returns None.
            warnings.warn(error_msg)
        else:
            raise ImproperlyConfigured(error_msg)


SECRET_KEY = get_env_variable("SECRET_KEY")
How do I get a new key?
http://www.miniwebtool.com/django-secret-key-generator/
$ python manage.py shell
>>> from django.utils.crypto import get_random_string
>>> get_random_string(length=50)
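A check for the mistake this talk describes, as an added example that is not from the original slides: it parses a settings module and reports any SECRET_KEY set from a string literal or from a literal fallback default, and generates a replacement key with the standard library. The function names and sample settings are constructed for illustration; KEY_CHARS is the alphabet of Django's get_random_secret_key(), which the slides do not mention.

```python
import ast
import secrets

# Alphabet used by Django's get_random_secret_key() (50 symbols); not from the slides.
KEY_CHARS = "abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)"

def _is_literal(node):
    """True for a str/bytes constant or a concatenation of such constants."""
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return _is_literal(node.left) and _is_literal(node.right)
    return isinstance(node, ast.Constant) and isinstance(node.value, (str, bytes))

def _has_literal_fallback(node):
    """True for calls like os.environ.get("SECRET_KEY", "dev-key")."""
    if not isinstance(node, ast.Call):
        return False
    defaults = node.args[1:] + [k.value for k in node.keywords if k.arg == "default"]
    return any(_is_literal(d) for d in defaults)

def find_hardcoded_secrets(source, names=("SECRET_KEY",)):
    """Return sorted (line, name, reason) for secrets set from a literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign):
            targets, value = node.targets, node.value
        elif isinstance(node, ast.AnnAssign) and node.value is not None:
            targets, value = [node.target], node.value
        else:
            continue
        for target in targets:
            if not (isinstance(target, ast.Name) and target.id in names):
                continue
            if _is_literal(value):
                findings.append((node.lineno, target.id, "string literal"))
            elif _has_literal_fallback(value):
                findings.append((node.lineno, target.id, "literal fallback"))
    return sorted(findings)

def new_secret_key(length=50):
    """Generate a replacement key from the OS CSPRNG, without needing Django."""
    return "".join(secrets.choice(KEY_CHARS) for _ in range(length))

# Constructed sample settings for illustration, not from any real project.
BAD = 'DEBUG = True\nSECRET_KEY = "constructed-example-not-a-real-key"\n'
FALLBACK = 'import os\nSECRET_KEY = os.environ.get("SECRET_KEY", "constructed-dev-key")\n'
GOOD = 'import os\nSECRET_KEY = os.environ["SECRET_KEY"]\n'

if __name__ == "__main__":
    for label, text in (("bad", BAD), ("fallback", FALLBACK), ("good", GOOD)):
        print(label, find_hardcoded_secrets(text))
```

The literal-fallback case matters because a default passed to os.environ.get() is committed to the repository just like a plain assignment.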
What about my users?
Optional: No permanent key
Thanks. @phildini http://bit.ly/secret-key
Come back at 1:15PM for “Cat on yer head”!