Oops I Committed My Secret Key

July 20, 2016

420

Oops I Committed My Secret Key

Lightning talk given at DjangoCon US 2016

Philip James

July 20, 2016

Tweet

More Decks by Philip James

See All by Philip James

Frog and Toad Learn about Django Security - NBT6

0

26

The Elephant and the Serpent (PyLatam 2019)

0

67

Account Security for the Fashionable App Developer

1

66

All in the Timing: Side-Channel Attacks

0

66

0

45

All in the Timing: Side-Channel Attacks in Python

0

420

API-Driven Django

1

400

Type uWSGI; Press Enter; What Happens?

0

97

Type uWSGI; Press Enter; What Happens?

1

79

Other Decks in Technology

See All in Technology

AIが書いたコードをAIが検証する！自律的なモバイルアプリ開発の実現

1

350

Where will it converge?

0

190

Oracle Base Database Service 技術詳細

oracle4engineer

PRO

11

78k

ZOZOのAI活用実践〜社内基盤からサービス応用まで〜

PRO

0

200

自作LLM Native GORM Pluginで実現する AI Agentバックテスト基盤構築

2

290

「AI駆動PO」を考えてみる - 作る速さから価値のスループットへ：検査・適応で未来を開発 / AI-driven product owner. scrummat2025

4

630

SREとソフトウェア開発者の合同チームはどのようにS3のコストを削減したか？

1

100

多様な事業ドメインのクリエイターへ価値を届けるための営みについて

1

400

生成AIを活用したZennの取り組み事例

ryosukeigarashi

0

210

AIAgentの限界を超え、現場を動かすWorkflowAgentの設計と実践

0

150

Function calling機能をPLaMo2に実装するには / PFN LLMセミナー

PRO

0

970

20201008_ファインディ_品質意識を育てる役目は人かAIか___2_.pdf

findy_eventslides

1

520

Featured

See All Featured

Put a Button on it: Removing Barriers to Going Fast.

60

4k

Creating an realtime collaboration tool: Agile Flush - .NET Oxford

32

2.2k

RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub

140

34k

CSS Pre-Processors: Stylus, Less & Sass

358

30k

How To Stay Up To Date on Web Technology

791

250k

455

43k

Performance Is Good for Brains [We Love Speed 2024]

12

1.2k

Rebuilding a faster, lazier Slack

84

9.2k

Unsuck your backbone

671

58k

Practical Tips for Bootstrapping Information Extraction Pipelines

PRO

23

1.5k

The Straight Up "How To Draw Better" Workshop

237

140k

The Invisible Side of Design

301

51k

Transcript

Oops I Commi*ed My Secret Key Philip James @phildini h*ps:/
/www.wordfugue.com
$ django-admin.py startproject bestthingever $ git init $ git add
. $ git commit -m "Initial commit” $ git push origin master
None
Wait, have I?
YES. Signed Cookies Secure Sessions Password Reset Tokens
What do I do?
import os import warnings from django.core.exceptions import ImproperlyConﬁgured def get_env_variable(var_name):
""" Get the environment variable or return exception """ try: return os.environ[var_name] except KeyError: error_msg = "Set the %s env variable" % var_name if DEBUG: warnings.warn(error_msg) else: raise ImproperlyConﬁgured(error_msg)
SECRET_KEY = get_env_variable("SECRET_KEY")
How do I get a new key?
h*p:/ /www.miniwebtool.com/django-secret-key-generator/ $ python manage.py shell >>> from django.utils.crypto import
get_random_string >>> get_random_string(length=50)
What about my users?
OpOonal: No permanent key
Thanks. @phildini h*p:/ /bit.ly/secret-key Come back at 1:15PM for “Cat
on yer head”!