Oops I Committed My Secret Key
Philip James
July 20, 2016
Lightning talk given at DjangoCon US 2016
Transcript
Oops I Committed My Secret Key
Philip James
@phildini
https://www.wordfugue.com
$ django-admin.py startproject bestthingever
$ git init
$ git add .
$ git commit -m "Initial commit"
$ git push origin master
Wait, have I?
YES. Signed Cookies, Secure Sessions, Password Reset Tokens
What do I do?
import os
import warnings

from django.core.exceptions import ImproperlyConfigured

# DEBUG must already be defined earlier in settings.py.

def get_env_variable(var_name):
    """ Get the environment variable or return exception """
    try:
        return os.environ[var_name]
    except KeyError:
        error_msg = "Set the %s env variable" % var_name
        if DEBUG:
            # In development, only warn; the function then returns None.
            warnings.warn(error_msg)
        else:
            # Outside DEBUG, refuse to start without the variable.
            raise ImproperlyConfigured(error_msg)

SECRET_KEY = get_env_variable("SECRET_KEY")
How do I get a new key?
http://www.miniwebtool.com/django-secret-key-generator/
$ python manage.py shell
>>> from django.utils.crypto import get_random_string
>>> get_random_string(length=50)
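The two slides above say to load SECRET_KEY from the environment and to generate a fresh one. As an added example (not from the talk), this standard-library sketch flags settings source that still assigns SECRET_KEY a literal, including a literal fallback default, and builds a replacement key. The function names, the key alphabet and the sample settings strings are assumptions constructed for illustration.

```python
import ast
import secrets
import string

# Alphabet is this example's choice: lowercase letters, digits, punctuation.
KEY_ALPHABET = string.ascii_lowercase + string.digits + "!@#$%^&*(-_=+)"

def new_secret_key(length=50):
    """Build a replacement key from the OS CSPRNG (stdlib only, no Django)."""
    return "".join(secrets.choice(KEY_ALPHABET) for _ in range(length))

def _is_literal_str(node):
    # A plain "..." literal, or literals joined with + ("abc" + "def").
    if isinstance(node, ast.Constant):
        return isinstance(node.value, str)
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return _is_literal_str(node.left) and _is_literal_str(node.right)
    return False

def _has_literal_default(node):
    # os.environ.get("SECRET_KEY", "x") or os.getenv("SECRET_KEY", "x"):
    # the fallback string is still a key sitting in the repository.
    return (isinstance(node, ast.Call)
            and isinstance(node.func, ast.Attribute)
            and node.func.attr in ("get", "getenv")
            and len(node.args) == 2
            and _is_literal_str(node.args[1]))

def hardcoded_secret_keys(source):
    """Return sorted line numbers where SECRET_KEY gets a literal value."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign):
            targets, value = node.targets, node.value
        elif isinstance(node, ast.AnnAssign) and node.value is not None:
            targets, value = [node.target], node.value
        else:
            continue
        names = {t.id for t in targets if isinstance(t, ast.Name)}
        if "SECRET_KEY" in names and (_is_literal_str(value) or _has_literal_default(value)):
            hits.append(node.lineno)
    return sorted(hits)

# Constructed sample settings files (not real keys).
COMMITTED = 'DEBUG = True\nSECRET_KEY = "constructed-sample-not-a-real-key"\n'
FROM_ENV = 'SECRET_KEY = get_env_variable("SECRET_KEY")\n'
FALLBACK = 'import os\nSECRET_KEY = os.environ.get("SECRET_KEY", "constructed-dev-key")\n'

if __name__ == "__main__":
    for name, src in [("committed", COMMITTED), ("from_env", FROM_ENV), ("fallback", FALLBACK)]:
        print(name, hardcoded_secret_keys(src))
    print("replacement key:", new_secret_key())
```

To check old revisions as well as the working tree, pass the function the output of `git show <rev>:<path>` for each commit that touched the settings file.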
What about my users?
Optional: No permanent key
Thanks.
@phildini
http://bit.ly/secret-key
Come back at 1:15PM for “Cat on yer head”!