Oops I Committed My Secret Key
Philip James
July 20, 2016
Lightning talk given at DjangoCon US 2016
Transcript
Oops I Committed My Secret Key
Philip James
@phildini
https://www.wordfugue.com
```
$ django-admin.py startproject bestthingever
$ git init
$ git add .
$ git commit -m "Initial commit"
$ git push origin master
```
Wait, have I?
YES.
- Signed Cookies
- Secure Sessions
- Password Reset Tokens
What do I do?
```python
import os
import warnings

from django.core.exceptions import ImproperlyConfigured


def get_env_variable(var_name):
    """ Get the environment variable or return exception """
    try:
        return os.environ[var_name]
    except KeyError:
        error_msg = "Set the %s env variable" % var_name
        # DEBUG must already be defined earlier in settings.py
        if DEBUG:
            # Development: warn only; the function then returns None
            warnings.warn(error_msg)
        else:
            raise ImproperlyConfigured(error_msg)


SECRET_KEY = get_env_variable("SECRET_KEY")
```
How do I get a new key?
http://www.miniwebtool.com/django-secret-key-generator/

```
$ python manage.py shell
>>> from django.utils.crypto import get_random_string
>>> get_random_string(length=50)
```
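An added example, not part of the talk's slides: a pre-commit style check that parses a settings file with Python's `ast` module and reports any `SECRET_KEY` assigned a plain string literal, plus a standard-library key generator. The sample settings, the function names and the key alphabet are assumptions made for the illustration; expressions such as f-strings or concatenation are not flagged.

```python
import ast
import secrets
import string

# Constructed sample settings files (not from the talk).
HARDCODED = '''
DEBUG = True
SECRET_KEY = "3x@mple-not-a-real-key"
'''
FROM_ENV = '''
import os
DEBUG = False
SECRET_KEY = get_env_variable("SECRET_KEY")
API_KEY = os.environ["API_KEY"]
'''


def find_hardcoded_secret_key(source, name="SECRET_KEY"):
    """Return line numbers where `name` is assigned a str/bytes literal."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign):
            targets, value = node.targets, node.value
        elif isinstance(node, ast.AnnAssign) and node.value is not None:
            targets, value = [node.target], node.value
        else:
            continue
        named = any(isinstance(t, ast.Name) and t.id == name for t in targets)
        literal = (isinstance(value, ast.Constant)
                   and isinstance(value.value, (str, bytes)))
        if named and literal:
            hits.append(node.lineno)
    return sorted(hits)


def new_secret_key(length=50):
    """Generate a replacement key from the OS CSPRNG (stdlib only)."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*(-_=+)"
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for label, src in (("hardcoded", HARDCODED), ("from_env", FROM_ENV)):
        lines = find_hardcoded_secret_key(src)
        print(label, "-> literal SECRET_KEY on lines", lines or "none")
    print("replacement key length:", len(new_secret_key()))
```

A hit on a file that has already been pushed means the key is in the repository history, so the fix is a new key, not just an edited file.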
What about my users?
Optional: No permanent key
Thanks.
@phildini
http://bit.ly/secret-key
Come back at 1:15PM for “Cat on yer head”!