Oops I Committed My Secret Key

July 20, 2016

420

Oops I Committed My Secret Key

Lightning talk given at DjangoCon US 2016

Philip James

July 20, 2016

Tweet

More Decks by Philip James

See All by Philip James

Frog and Toad Learn about Django Security - NBT6

0

26

The Elephant and the Serpent (PyLatam 2019)

0

67

Account Security for the Fashionable App Developer

1

66

All in the Timing: Side-Channel Attacks

0

64

0

45

All in the Timing: Side-Channel Attacks in Python

0

420

API-Driven Django

1

400

Type uWSGI; Press Enter; What Happens?

0

97

Type uWSGI; Press Enter; What Happens?

1

79

Other Decks in Technology

See All in Technology

企業の生成AIガバナンスにおけるエージェントとセキュリティ

PRO

2

130

Webアプリケーションにオブザーバビリティを実装するRust入門ガイド

3

580

Grafana MCPサーバーによるAIエージェント経由でのGrafanaダッシュボード動的生成

1

1.5k

20250903_1つのAWSアカウントに複数システムがある環境におけるアクセス制御をABACで実現.pdf

3

500

未経験者・初心者に贈る！40分でわかるAndroidアプリ開発の今と大事なポイント

2

200

AIのグローバルトレンド2025 #scrummikawa / global ai trend

PRO

1

250

生成AI時代のデータ基盤設計〜ペースレイヤリングで実現する高速開発と持続性〜 / Levtech Meetup_Session_2

1

150

実践！カスタムインストラクション＆スラッシュコマンド

0

290

Grafana Meetup Japan Vol. 6

1

360

COVESA VSSによる車両データモデルの標準化とAWS IoT FleetWiseの活用

1

230

Vault を基盤として整備し、みんなに使ってもらえるようになるまで

1

120

開発者を支える Internal Developer Portal のイマとコレカラ / To-day and To-morrow of Internal Developer Portals: Supporting Developers

PRO

1

410

Featured

See All Featured

Build The Right Thing And Hit Your Dates

37

2.8k

How to train your dragon (web standard)

96

6.2k

How to Ace a Technical Interview

279

23k

Building Flexible Design Systems

yeseniaperezcruz

328

39k

ReactJS: Keep Simple. Everything can be a component!

667

120k

Gamification - CAS2011

81

5.4k

Unsuck your backbone

671

58k

[RailsConf 2023] Rails as a piece of cake

57

5.8k

Rails Girls Zürich Keynote

95

14k

Why You Should Never Use an ORM

PRO

59

9.5k

Save Time (by Creating Custom Rails Generators)

PRO

32

1.5k

sergeychernyshev

32

1.1k

Transcript

Oops I Commi*ed My Secret Key Philip James @phildini h*ps:/
/www.wordfugue.com
$ django-admin.py startproject bestthingever $ git init $ git add
. $ git commit -m "Initial commit” $ git push origin master
None
Wait, have I?
YES. Signed Cookies Secure Sessions Password Reset Tokens
What do I do?
import os import warnings from django.core.exceptions import ImproperlyConﬁgured def get_env_variable(var_name):
""" Get the environment variable or return exception """ try: return os.environ[var_name] except KeyError: error_msg = "Set the %s env variable" % var_name if DEBUG: warnings.warn(error_msg) else: raise ImproperlyConﬁgured(error_msg)
SECRET_KEY = get_env_variable("SECRET_KEY")
How do I get a new key?
h*p:/ /www.miniwebtool.com/django-secret-key-generator/ $ python manage.py shell >>> from django.utils.crypto import
get_random_string >>> get_random_string(length=50)
What about my users?
OpOonal: No permanent key
Thanks. @phildini h*p:/ /bit.ly/secret-key Come back at 1:15PM for “Cat
on yer head”!