Oops I Committed My Secret Key

July 20, 2016

370

Oops I Committed My Secret Key

Lightning talk given at DjangoCon US 2016

Philip James

July 20, 2016

Tweet

More Decks by Philip James

See All by Philip James

Frog and Toad Learn about Django Security - NBT6

0

19

The Elephant and the Serpent (PyLatam 2019)

0

42

Account Security for the Fashionable App Developer

1

61

All in the Timing: Side-Channel Attacks

0

48

0

39

All in the Timing: Side-Channel Attacks in Python

0

370

API-Driven Django

1

330

Type uWSGI; Press Enter; What Happens?

0

93

Type uWSGI; Press Enter; What Happens?

1

73

Other Decks in Technology

See All in Technology

MapLibreとAmazon Location Service

1

190

BPStudyの200回を中心にIT業界を振り返る。そしてこれから

3

410

.NET Profiler in 2024.

2

1.5k

生産性向上チームの紹介

cybozuinsideout

1

920

エンジニア候補者向け資料2024.04.24.pdf

0

3.4k

Babylon.js JAPAN活動紹介 (2024/4)

1

120

Max out Local LLM in Challenging Environments

1

110

今年のRubyKaigiはProfiler Year🤘

0

390

MLOpsの「壁」を乗り越える、LINEヤフーの Data Quality as Code

8

630

一生覚えておきたい「システム開発＝コミュニケーション」〜初めての実務案件振り返りLT〜

2

320

プロンプトエンジニアリングでがんばらない-Agentic Workflow へ-近藤憲児

6

1.2k

Oracle Base Database Service 技術詳細

oracle4engineer

5

37k

Featured

See All Featured

Sharpening the Axe: The Primacy of Toolmaking

21

1.4k

457

140k

80

8.8k

Build your cross-platform service in a week with App Engine

226

17k

Building Adaptive Systems

32

1.9k

VelocityConf: Rendering Performance Case Studies

321

23k

Agile that works and the tools we love

325

20k

Dealing with People You Can't Stand - Big Design 2015

358

22k

How GitHub Uses GitHub to Build GitHub

468

290k

Principles of Awesome APIs and How to Build Them.

121

16k

How to train your dragon (web standard)

75

5.2k

No one is an island. Learnings from fostering a developers community.

16

2.1k

Transcript

Oops I Commi*ed My Secret Key Philip James @phildini h*ps:/
/www.wordfugue.com
$ django-admin.py startproject bestthingever $ git init $ git add
. $ git commit -m "Initial commit” $ git push origin master
None
Wait, have I?
YES. Signed Cookies Secure Sessions Password Reset Tokens
What do I do?
import os import warnings from django.core.exceptions import ImproperlyConﬁgured def get_env_variable(var_name):
""" Get the environment variable or return exception """ try: return os.environ[var_name] except KeyError: error_msg = "Set the %s env variable" % var_name if DEBUG: warnings.warn(error_msg) else: raise ImproperlyConﬁgured(error_msg)
SECRET_KEY = get_env_variable("SECRET_KEY")
How do I get a new key?
h*p:/ /www.miniwebtool.com/django-secret-key-generator/ $ python manage.py shell >>> from django.utils.crypto import
get_random_string >>> get_random_string(length=50)
What about my users?
OpOonal: No permanent key
Thanks. @phildini h*p:/ /bit.ly/secret-key Come back at 1:15PM for “Cat
on yer head”!