Oops I Committed My Secret Key
Philip James
July 20, 2016
Lightning talk given at DjangoCon US 2016
Transcript
Oops I Committed My Secret Key
Philip James
@phildini
https://www.wordfugue.com

$ django-admin.py startproject bestthingever
$ git init
$ git add .
$ git commit -m "Initial commit"
$ git push origin master
Wait, have I?
YES.
Signed Cookies
Secure Sessions
Password Reset Tokens
What do I do?
import os
import warnings

from django.core.exceptions import ImproperlyConfigured

# DEBUG must already be defined above this point in settings.py.


def get_env_variable(var_name):
    """ Get the environment variable or return exception """
    try:
        return os.environ[var_name]
    except KeyError:
        error_msg = "Set the %s env variable" % var_name
        if DEBUG:
            # Development: warn only; the function then returns None.
            warnings.warn(error_msg)
        else:
            # Production: refuse to start without the variable.
            raise ImproperlyConfigured(error_msg)


SECRET_KEY = get_env_variable("SECRET_KEY")
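A check for the mistake this talk is about, as an added example (not code from the talk): it parses a settings module and reports lines where SECRET_KEY is assigned a value written into the file, including a literal fallback default. The function names and the sample settings strings are constructed for illustration.

```python
import ast

# Constructed sample inputs (not from the talk): one settings module with a
# hardcoded key, and one that loads the key from the environment.
HARDCODED = '''
DEBUG = True
SECRET_KEY = "constructed-example-value-not-a-real-key"
'''
FROM_ENV = '''
import os
DEBUG = False
SECRET_KEY = os.environ["SECRET_KEY"]
'''


def _contains_literal(node):
    """True if the expression can evaluate to a non-empty literal in the file."""
    if isinstance(node, ast.Constant):
        return isinstance(node.value, (str, bytes)) and len(node.value) > 0
    if isinstance(node, ast.BinOp):   # "abc" + "def"
        return _contains_literal(node.left) or _contains_literal(node.right)
    if isinstance(node, ast.BoolOp):  # os.environ.get("X") or "fallback"
        return any(_contains_literal(v) for v in node.values)
    if isinstance(node, ast.IfExp):   # "a" if cond else os.environ["X"]
        return _contains_literal(node.body) or _contains_literal(node.orelse)
    if isinstance(node, ast.Call):    # os.environ.get("X", "fallback")
        defaults = node.args[1:] + [kw.value for kw in node.keywords]
        return any(_contains_literal(a) for a in defaults)
    return False


def hardcoded_secret_key_lines(source, name="SECRET_KEY"):
    """Return line numbers where `name` gets a value embedded in the source."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign):
            targets, value = node.targets, node.value
        elif isinstance(node, ast.AnnAssign) and node.value is not None:
            targets, value = [node.target], node.value
        else:
            continue
        if any(isinstance(t, ast.Name) and t.id == name for t in targets):
            if _contains_literal(value):
                hits.append(node.lineno)
    return sorted(hits)
```

Because the scenario here is a key that is already in the repository, run the check on each historical revision of the settings file (for example the output of `git show <rev>:<path>`), not only on the working copy.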
How do I get a new key?
http://www.miniwebtool.com/django-secret-key-generator/

$ python manage.py shell
>>> from django.utils.crypto import get_random_string
>>> get_random_string(length=50)
What about my users?
Optional: No permanent key

Thanks.
@phildini
http://bit.ly/secret-key
Come back at 1:15PM for “Cat on yer head”!