Oops I Committed My Secret Key

July 20, 2016

400

Oops I Committed My Secret Key

Lightning talk given at DjangoCon US 2016

Philip James

July 20, 2016

Tweet

More Decks by Philip James

See All by Philip James

Frog and Toad Learn about Django Security - NBT6

0

25

The Elephant and the Serpent (PyLatam 2019)

0

54

Account Security for the Fashionable App Developer

1

64

All in the Timing: Side-Channel Attacks

0

56

0

42

All in the Timing: Side-Channel Attacks in Python

0

410

API-Driven Django

1

370

Type uWSGI; Press Enter; What Happens?

0

95

Type uWSGI; Press Enter; What Happens?

1

74

Other Decks in Technology

See All in Technology

アーキテクチャわからん、の話

shirayanagiryuji

0

150

“自分”を大切に、フラットに。キャリアチェンジしてからの一年三ヶ月で見えたもの。

0

300

Platform EngineeringがあればSREはいらない!? 新時代のSREに求められる役割とは

2

4k

2

170

20250125_Agent for Amazon Bedrock試してみた

2

110

Zenn のウラガワ ~エンジニアのアウトプットを支える環境で Google Cloud が採用されているワケ~ #burikaigi #burikaigi_h

18

6.9k

バクラクの組織とアーキテクチャ（要約）2025/01版

13

3k

業務ツールをAIエージェントとつなぐ - Composio

0

120

さいきょうのアーキテクチャを生み出すセンスメイキング

0

270

RevOpsへ至る道データ活用による事業革新への挑戦 / path-to-revops

3

810

ハンズオンで学ぶ Databricks - Databricksにおけるデータエンジニアリング

1

2.1k

Amazon Aurora バージョンアップについて、改めて理解する～バージョンアップ手法と文字コードへの影響～

1

250

Featured

See All Featured

How STYLIGHT went responsive

96

5.3k

Learning to Love Humans: Emotional Interface Design

274

40k

The World Runs on Bad Software

67

11k

Designing Experiences People Love

139

23k

We Have a Design System, Now What?

51

7.4k

Practical Tips for Bootstrapping Information Extraction Pipelines

11

900

Being A Developer After 40

89

590k

Understanding Cognitive Biases in Performance Measurement

27

1.5k

The Psychology of Web Performance [Beyond Tellerrand 2023]

45

2.3k

Designing Dashboards & Data Visualisations in Web Apps

231

52k

Testing 201, or: Great Expectations

41

7.2k

Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure

44

9.4k

Transcript

Oops I Commi*ed My Secret Key Philip James @phildini h*ps:/
/www.wordfugue.com
$ django-admin.py startproject bestthingever $ git init $ git add
. $ git commit -m "Initial commit” $ git push origin master
None
Wait, have I?
YES. Signed Cookies Secure Sessions Password Reset Tokens
What do I do?
import os import warnings from django.core.exceptions import ImproperlyConﬁgured def get_env_variable(var_name):
""" Get the environment variable or return exception """ try: return os.environ[var_name] except KeyError: error_msg = "Set the %s env variable" % var_name if DEBUG: warnings.warn(error_msg) else: raise ImproperlyConﬁgured(error_msg)
SECRET_KEY = get_env_variable("SECRET_KEY")
How do I get a new key?
h*p:/ /www.miniwebtool.com/django-secret-key-generator/ $ python manage.py shell >>> from django.utils.crypto import
get_random_string >>> get_random_string(length=50)
What about my users?
OpOonal: No permanent key
Thanks. @phildini h*p:/ /bit.ly/secret-key Come back at 1:15PM for “Cat
on yer head”!