Oops I Committed My Secret Key

Oops I Committed My Secret Key

Lightning talk given at DjangoCon US 2016

062f9d19b2fb305e6734c778ff01e87b?s=128

Philip James

July 20, 2016
Tweet

Transcript

  1. Oops I Commi*ed My Secret Key Philip James @phildini h*ps:/

    /www.wordfugue.com
  2. $ django-admin.py startproject bestthingever $ git init $ git add

    . $ git commit -m "Initial commit” $ git push origin master
  3. None
  4. Wait, have I?

  5. YES. Signed Cookies Secure Sessions Password Reset Tokens

  6. What do I do?

  7. import os import warnings from django.core.exceptions import ImproperlyConfigured def get_env_variable(var_name):

    """ Get the environment variable or return exception """ try: return os.environ[var_name] except KeyError: error_msg = "Set the %s env variable" % var_name if DEBUG: warnings.warn(error_msg) else: raise ImproperlyConfigured(error_msg)
  8. SECRET_KEY = get_env_variable("SECRET_KEY")

  9. How do I get a new key?

  10. h*p:/ /www.miniwebtool.com/django-secret-key-generator/ $ python manage.py shell >>> from django.utils.crypto import

    get_random_string >>> get_random_string(length=50)
  11. What about my users?

  12. OpOonal: No permanent key

  13. Thanks. @phildini h*p:/ /bit.ly/secret-key Come back at 1:15PM for “Cat

    on yer head”!