Oops I Committed My Secret Key

July 20, 2016

420

Oops I Committed My Secret Key

Lightning talk given at DjangoCon US 2016

Philip James

July 20, 2016

Tweet

More Decks by Philip James

See All by Philip James

Frog and Toad Learn about Django Security - NBT6

0

26

The Elephant and the Serpent (PyLatam 2019)

0

67

Account Security for the Fashionable App Developer

1

66

All in the Timing: Side-Channel Attacks

0

61

0

45

All in the Timing: Side-Channel Attacks in Python

0

420

API-Driven Django

1

400

Type uWSGI; Press Enter; What Happens?

0

97

Type uWSGI; Press Enter; What Happens?

1

77

Other Decks in Technology

See All in Technology

Amazon GuardDuty での脅威検出：脅威検出の実例から学ぶ

0

120

AI関数が早くなったので試してみよう

0

320

開発 × 生成AI × コミュニケーション：GENDAの開発現場で感じたコミュニケーションの変化 / GENDA Tech Talk #1

0

280

ロールが細分化された組織でSREと協働するインフラエンジニアは何をするか？ / SRE Lounge #18

0

230

LLM 機能を支える Langfuse / ClickHouse のサーバレス化

9

2.5k

AI時代の大規模データ活用とセキュリティ戦略

0

160

ユーザー課題を愛し抜く――AI時代のPdM価値

PRO

1

130

Claude Codeは仕様駆動の夢を見ない

23

6.9k

o11yツールを乗り換えた話

2

1.6k

専門分化が進む分業下でもユーザーが本当に欲しかったものを追求するプロダクトマネジメント/Focus on real user needs despite deep specialization and division of labor

2

1.4k

MCP認可の現在地と自律型エージェント対応に向けた課題 / MCP Authorization Today and Challenges to Support Autonomous Agents

5

2.4k

メルカリIBIS：AIが拓く次世代インシデント対応

2

250

Featured

See All Featured

A Modern Web Designer's Workflow

695

190k

Exploring the Power of Turbo Streams & Action Cable | RailsConf2023

34

6k

Dealing with People You Can't Stand - Big Design 2015

367

26k

Product Roadmaps are Hard

PRO

54

11k

Distributed Sagas: A Protocol for Coordinating Microservices

333

22k

The World Runs on Bad Software

PRO

70

11k

Why You Should Never Use an ORM

PRO

58

9.5k

A better future with KSS

239

17k

Building Better People: How to give real-time feedback that sticks.

367

19k

[RailsConf 2023 Opening Keynote] The Magic of Rails

30

9.6k

The Invisible Side of Design

301

51k

The MySQL Ecosystem @ GitHub 2015

251

13k

Transcript

Oops I Commi*ed My Secret Key Philip James @phildini h*ps:/
/www.wordfugue.com
$ django-admin.py startproject bestthingever $ git init $ git add
. $ git commit -m "Initial commit” $ git push origin master
None
Wait, have I?
YES. Signed Cookies Secure Sessions Password Reset Tokens
What do I do?
import os import warnings from django.core.exceptions import ImproperlyConﬁgured def get_env_variable(var_name):
""" Get the environment variable or return exception """ try: return os.environ[var_name] except KeyError: error_msg = "Set the %s env variable" % var_name if DEBUG: warnings.warn(error_msg) else: raise ImproperlyConﬁgured(error_msg)
SECRET_KEY = get_env_variable("SECRET_KEY")
How do I get a new key?
h*p:/ /www.miniwebtool.com/django-secret-key-generator/ $ python manage.py shell >>> from django.utils.crypto import
get_random_string >>> get_random_string(length=50)
What about my users?
OpOonal: No permanent key
Thanks. @phildini h*p:/ /bit.ly/secret-key Come back at 1:15PM for “Cat
on yer head”!