$30 off During Our Annual Pro Sale. View Details »

Oops I Committed My Secret Key

Philip James
July 20, 2016
Technology
0
350

Oops I Committed My Secret Key

Lightning talk given at DjangoCon US 2016

Philip James

July 20, 2016
Tweet

More Decks by Philip James

See All by Philip James
Frog and Toad Learn about Django Security - NBT6
phildini
0
17
The Elephant and the Serpent (PyLatam 2019)
phildini
0
39
Account Security for the Fashionable App Developer
phildini
1
45
All in the Timing: Side-Channel Attacks
phildini
0
47
Giving Thanks
phildini
0
39
All in the Timing: Side-Channel Attacks in Python
phildini
0
350
API-Driven Django
phildini
1
300
Type uWSGI; Press Enter; What Happens?
phildini
0
91
Type uWSGI; Press Enter; What Happens?
phildini
1
71

Other Decks in Technology

See All in Technology
Snowflake x Terraformに自動テストを導入した話
kddisnowvillage
0
150
分散型SNS最新状況
kojira
0
180
DMBOKを参考にしたデータマネジメントの取り組み
ttccddtoki
3
1k
APIテスト導入から2年。アジャイルな組織で見えてきたmabl活用の道
bengo4com
0
1.9k
Podman_update_2023-11
orimanabu
1
270
3つの⽴場で考える技術的負債への組織的アプローチ
sansantech
PRO
15
4.6k
20年以上続くサービスの 管理画面リプレイスを行いながら 技術的負債と向き合った話
radkmb
0
1.9k
Oracle Cloud Infrastructure(OCI):ご利用ガイド/Onboarding Session Part2(サポートサービスご案内)
oracle4engineer
PRO
0
2.1k
Kotlin製のGraphQLサーバーをNode.jsでモジュラモノリス化している話
hokaccha
1
2k
ROSCon 2023参加報告:Real-Time Workshop & Zenoh's Current Status and Forecast
takasehideki
1
190
急成長スタートアップにおける技術的負債とトレードオフ・スライダー / Technical Debt and Trade-off Sliders in Fast-Growing Startups
codenote
2
2.1k
The future is already here – Mastering the challenges of the coming years
ufried
0
150

Featured

See All Featured
4 Signs Your Business is Dying
shpigford
172
21k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
152
14k
Being A Developer After 40
akosma
52
580k
Embracing the Ebb and Flow
colly
77
3.8k
Scaling GitHub
holman
455
140k
The Cost Of JavaScript in 2023
addyosmani
9
3k
A Philosophy of Restraint
colly
194
15k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
15
1.6k
StorybookのUI Testing Handbookを読んだ
zakiyama
9
4.1k
Fireside Chat
paigeccino
18
2.3k
Art, The Web, and Tiny UX
lynnandtonic
286
19k
Making Projects Easy
brettharned
105
5.2k

Transcript

  1. Oops I Commi*ed My
    Secret Key
    Philip James
    @phildini
    h*ps:/
    /www.wordfugue.com

    View Slide

  2. $ django-admin.py startproject bestthingever
    $ git init
    $ git add .
    $ git commit -m "Initial commit”
    $ git push origin master

    View Slide

  3. View Slide

  4. Wait, have I?

    View Slide

  5. YES.
    Signed Cookies
    Secure Sessions
    Password Reset Tokens

    View Slide

  6. What do I do?

    View Slide

  7. import os
    import warnings
    from django.core.exceptions import ImproperlyConfigured
    def get_env_variable(var_name):
    """ Get the environment variable or return exception """
    try:
    return os.environ[var_name]
    except KeyError:
    error_msg = "Set the %s env variable" % var_name
    if DEBUG:
    warnings.warn(error_msg)
    else:
    raise ImproperlyConfigured(error_msg)

    View Slide

  8. SECRET_KEY = get_env_variable("SECRET_KEY")

    View Slide

  9. How do I get a new key?

    View Slide

  10. h*p:/
    /www.miniwebtool.com/django-secret-key-generator/
    $ python manage.py shell
    >>> from django.utils.crypto import get_random_string
    >>> get_random_string(length=50)

    View Slide

  11. What about my users?

    View Slide

  12. OpOonal: No permanent key

    View Slide

  13. Thanks.
    @phildini
    h*p:/
    /bit.ly/secret-key
    Come back at
    1:15PM for
    “Cat on yer head”!

    View Slide