Oops I Committed My Secret Key

July 20, 2016

410

Oops I Committed My Secret Key

Lightning talk given at DjangoCon US 2016

Philip James

July 20, 2016

Tweet

More Decks by Philip James

See All by Philip James

Frog and Toad Learn about Django Security - NBT6

0

26

The Elephant and the Serpent (PyLatam 2019)

0

60

Account Security for the Fashionable App Developer

1

65

All in the Timing: Side-Channel Attacks

0

57

0

43

All in the Timing: Side-Channel Attacks in Python

0

410

API-Driven Django

1

380

Type uWSGI; Press Enter; What Happens?

0

95

Type uWSGI; Press Enter; What Happens?

1

75

Other Decks in Technology

See All in Technology

Microsoft_20250311_AzureIoTPortfolio_PDF.pdf

0

240

ソフトウェア開発におけるインターフェイスという考え方 / PHPerKaigi 2025

3

440

ドメインイベントを活用したPHPコードのリファクタリング

0

570

AI の活用における課題と現状、今後の期待

2

120

VPoEの引き継ぎでやったこと、わかったこと

2

1.1k

AWS のポリシー言語 Cedar を活用した高速かつスケーラブルな認可技術の探求 #phperkaigi / PHPerKaigi 2025

6

740

単一の深層学習モデルによる不確実性の定量化の紹介 ~その予測結果正しいですか？~

3

430

Scala meets WebAssembly

0

160

Agent Mode とは？GitHub Copilot の新機能を探る

1

150

テクスチャ画像付きのメッシュモデルを3次元点群へ変換する

1

420

保育 AI「たよれるくん」で保育の質向上をアシスト

0

140

eBPF-based Process Lifecycle Monitoring

1

150

Featured

See All Featured

What's in a price? How to price your products and services

244

12k

The Pragmatic Product Professional

32

6.5k

How to Think Like a Performance Engineer

22

1.4k

Java REST API Framework Comparison - PWX 2021

29

8.4k

Fight the Zombie Pattern Library - RWD Summit 2016

233

17k

The Invisible Side of Design

299

50k

The Art of Delivering Value - GDevCon NA Keynote

11

1.4k

A Philosophy of Restraint

203

16k

Agile that works and the tools we love

328

21k

Thoughts on Productivity

69

4.5k

Creating an realtime collaboration tool: Agile Flush - .NET Oxford

28

2k

For a Future-Friendly Web

176

9.6k

Transcript

Oops I Commi*ed My Secret Key Philip James @phildini h*ps:/
/www.wordfugue.com
$ django-admin.py startproject bestthingever $ git init $ git add
. $ git commit -m "Initial commit” $ git push origin master
None
Wait, have I?
YES. Signed Cookies Secure Sessions Password Reset Tokens
What do I do?
import os import warnings from django.core.exceptions import ImproperlyConﬁgured def get_env_variable(var_name):
""" Get the environment variable or return exception """ try: return os.environ[var_name] except KeyError: error_msg = "Set the %s env variable" % var_name if DEBUG: warnings.warn(error_msg) else: raise ImproperlyConﬁgured(error_msg)
SECRET_KEY = get_env_variable("SECRET_KEY")
How do I get a new key?
h*p:/ /www.miniwebtool.com/django-secret-key-generator/ $ python manage.py shell >>> from django.utils.crypto import
get_random_string >>> get_random_string(length=50)
What about my users?
OpOonal: No permanent key
Thanks. @phildini h*p:/ /bit.ly/secret-key Come back at 1:15PM for “Cat
on yer head”!