Oops I Committed My Secret Key

July 20, 2016

420

Oops I Committed My Secret Key

Lightning talk given at DjangoCon US 2016

Philip James

July 20, 2016

Tweet

More Decks by Philip James

See All by Philip James

Frog and Toad Learn about Django Security - NBT6

0

26

The Elephant and the Serpent (PyLatam 2019)

0

67

Account Security for the Fashionable App Developer

1

66

All in the Timing: Side-Channel Attacks

0

64

0

45

All in the Timing: Side-Channel Attacks in Python

0

420

API-Driven Django

1

400

Type uWSGI; Press Enter; What Happens?

0

97

Type uWSGI; Press Enter; What Happens?

1

79

Other Decks in Technology

See All in Technology

AWSで始める実践Dagster入門

1

710

ブロックテーマ時代における、テーマの CSS について考える Toro_Unit / 2025.09.13 @ Shinshu WordPress Meetup

0

130

[ JAWS-UG 東京 CommunityBuilders Night #2 ]SlackとAmazon Q Developerで運用効率化を模索する

3

450

バイブスに「型」を！Kent Beckに学ぶ、AI時代のテスト駆動開発

2

580

OCI Oracle Database Services新機能アップデート(2025/06-2025/08)

oracle4engineer

PRO

0

170

Terraformで構築するセルフサービス型データプラットフォーム / terraform-self-service-data-platform

1

190

COVESA VSSによる車両データモデルの標準化とAWS IoT FleetWiseの活用

1

370

Generative AI Japan 第一回生成AI実践研究会「AI駆動開発の現在地──ブレイクスルーの鍵を握るのはデータ領域」

0

320

KotlinConf 2025_イベントレポート

1

140

Create Ruby native extension gem with Go

0

110

「Linux」という言葉が指すもの

PRO

4

140

Rustから学ぶ非同期処理の仕組み

1

150

Featured

See All Featured

How GitHub (no longer) Works

315

140k

Java REST API Framework Comparison - PWX 2021

33

8.8k

Refactoring Trust on Your Teams (GOTO; Chicago 2020)

35

3.1k

The Success of Rails: Ensuring Growth for the Next 100 Years

46

7.6k

A Modern Web Designer's Workflow

696

190k

Cheating the UX When There Is Nothing More to Optimize - PixelPioneers

stephaniewalter

285

14k

The World Runs on Bad Software

PRO

70

11k

Distributed Sagas: A Protocol for Coordinating Microservices

333

22k

Code Review Best Practice

71

19k

Reflections from 52 weeks, 52 projects

352

21k

Product Roadmaps are Hard

PRO

54

11k

Producing Creativity

PRO

347

40k

Transcript

Oops I Commi*ed My Secret Key Philip James @phildini h*ps:/
/www.wordfugue.com
$ django-admin.py startproject bestthingever $ git init $ git add
. $ git commit -m "Initial commit” $ git push origin master
None
Wait, have I?
YES. Signed Cookies Secure Sessions Password Reset Tokens
What do I do?
import os import warnings from django.core.exceptions import ImproperlyConﬁgured def get_env_variable(var_name):
""" Get the environment variable or return exception """ try: return os.environ[var_name] except KeyError: error_msg = "Set the %s env variable" % var_name if DEBUG: warnings.warn(error_msg) else: raise ImproperlyConﬁgured(error_msg)
SECRET_KEY = get_env_variable("SECRET_KEY")
How do I get a new key?
h*p:/ /www.miniwebtool.com/django-secret-key-generator/ $ python manage.py shell >>> from django.utils.crypto import
get_random_string >>> get_random_string(length=50)
What about my users?
OpOonal: No permanent key
Thanks. @phildini h*p:/ /bit.ly/secret-key Come back at 1:15PM for “Cat
on yer head”!