Oops I Committed My Secret Key

July 20, 2016

420

Oops I Committed My Secret Key

Lightning talk given at DjangoCon US 2016

Philip James

July 20, 2016

Tweet

More Decks by Philip James

See All by Philip James

Frog and Toad Learn about Django Security - NBT6

0

27

The Elephant and the Serpent (PyLatam 2019)

0

69

Account Security for the Fashionable App Developer

1

70

All in the Timing: Side-Channel Attacks

0

67

0

46

All in the Timing: Side-Channel Attacks in Python

0

420

API-Driven Django

1

420

Type uWSGI; Press Enter; What Happens?

0

110

Type uWSGI; Press Enter; What Happens?

1

82

Other Decks in Technology

See All in Technology

Web Intelligence and Visual Media Analytics

PRO

1

6.8k

AI アクセラレータチップ AWS Trainium/Inferentia に今こそ入門

1

270

純粋なイミュータブルモデルを設計してからイベントソーシングと組み合わせるDeciderの実践方法の紹介 /Introducing Decider Pattern with Event Sourcing

1

1.2k

ALB「証明書上限問題」からの脱却

0

220

Java 25に至る道

3

230

AWSと生成AIで学ぶ！実行計画の読み解き方とSQLチューニングの実践

2

610

AI に「学ばせ、調べさせ、作らせる」。Auth0 開発を加速させる7つの実践的アプローチ

0

320

kintone開発のプラットフォームエンジニアの紹介

cybozuinsideout

PRO

0

540

あの夜、私たちは「人間」に戻った。 ── 災害ユートピア、贈与、そしてアジャイルの再構築 / 20260108 Hiromitsu Akiba

PRO

0

750

「リリースファースト」の実感を届けるには〜停滞するチームに変化を起こすアプローチ〜 #RSGT2026

0

1.1k

[PR] はじめてのデジタルアイデンティティという本を書きました

1

820

First-Principles-of-Scrum

4

2.3k

Featured

See All Featured

A Modern Web Designer's Workflow

698

190k

How To Stay Up To Date on Web Technology

791

250k

Making Projects Easy

120

6.5k

Automating Front-end Workflow

1371

200k

Jamie Indigo - Trashchat’s Guide to Black Boxes: Technical SEO Tactics for LLMs

PRO

0

43

Designing Dashboards & Data Visualisations in Web Apps

231

54k

Visual Storytelling: How to be a Superhuman Communicator

2

410

Leadership Guide Workshop - DevTernity 2021

1

190

The Spectacular Lies of Maps

PRO

1

440

The Impact of AI in SEO - AI Overviews June 2024 Edition

5

700

Darren the Foodie - Storyboard

PRO

2

2.2k

brightonSEO & MeasureFest 2025 - Christian Goodrich - Winning strategies for Black Friday CRO & PPC

2

81

Transcript

Oops I Commi*ed My Secret Key Philip James @phildini h*ps:/
/www.wordfugue.com
$ django-admin.py startproject bestthingever $ git init $ git add
. $ git commit -m "Initial commit” $ git push origin master
None
Wait, have I?
YES. Signed Cookies Secure Sessions Password Reset Tokens
What do I do?
import os import warnings from django.core.exceptions import ImproperlyConﬁgured def get_env_variable(var_name):
""" Get the environment variable or return exception """ try: return os.environ[var_name] except KeyError: error_msg = "Set the %s env variable" % var_name if DEBUG: warnings.warn(error_msg) else: raise ImproperlyConﬁgured(error_msg)
SECRET_KEY = get_env_variable("SECRET_KEY")
How do I get a new key?
h*p:/ /www.miniwebtool.com/django-secret-key-generator/ $ python manage.py shell >>> from django.utils.crypto import
get_random_string >>> get_random_string(length=50)
What about my users?
OpOonal: No permanent key
Thanks. @phildini h*p:/ /bit.ly/secret-key Come back at 1:15PM for “Cat
on yer head”!