Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Oops I Committed My Secret Key

Philip James
July 20, 2016
Technology
0
260

Oops I Committed My Secret Key

Lightning talk given at DjangoCon US 2016

Philip James

July 20, 2016
Tweet

More Decks by Philip James

See All by Philip James
Frog and Toad Learn about Django Security - NBT6
phildini
0
7
The Elephant and the Serpent (PyLatam 2019)
phildini
0
33
Account Security for the Fashionable App Developer
phildini
1
34
All in the Timing: Side-Channel Attacks
phildini
0
36
Giving Thanks
phildini
0
32
All in the Timing: Side-Channel Attacks in Python
phildini
0
310
API-Driven Django
phildini
1
230
Type uWSGI; Press Enter; What Happens?
phildini
0
84
Type uWSGI; Press Enter; What Happens?
phildini
1
62

Other Decks in Technology

See All in Technology
Agile and DevOps の歴史をチェリーピック
kawaguti
PRO
10
1.8k
AWSの「今」 - PHPのコードを素早く動かすための サービスのご紹介 / PHPCon2022 AWS Japan Session
koemu
1
620
音声配信アプリにおけるiOSを使った音声配信の全てと裏側
entaku
1
150
CEDEC2022-xyx-3Dデータを持ち込めるcross-platformメタバースの技術的挑戦.pdf
clustervr
PRO
0
790
20220915modelingLT
levii
4
400
TypeScript
recruitengineers
PRO
5
2.1k
e-RT3 PlusでRclexをいごかしてみる
takasehideki
1
450
OCI サービス基本情報
ocise
2
4.8k
フレームワークのソースコードから知識を深める
weistom
0
290
ポイント付与の非同期化 / Event Driven Point Assignment
komotani
0
110
PHP メモリ管理術
memory1994
PRO
1
160
Confident Learning
asei
1
730

Featured

See All Featured
Ruby is Unlike a Banana
tanoku
91
9.3k
Designing with Data
zakiwarfel
91
4k
Designing Experiences People Love
moore
130
22k
WebSockets: Embracing the real-time Web
robhawkes
58
5.6k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
8
1.1k
Writing Fast Ruby
sferik
612
57k
A Tale of Four Properties
chriscoyier
149
21k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
12
5k
Building an army of robots
kneath
300
40k
Keith and Marios Guide to Fast Websites
keithpitt
404
21k
Optimizing for Happiness
mojombo
364
64k
Build The Right Thing And Hit Your Dates
maggiecrowley
21
1.2k

Transcript

  1. Oops I Commi*ed My Secret Key Philip James @phildini h*ps:/

    /www.wordfugue.com

  2. $ django-admin.py startproject bestthingever $ git init $ git add

    . $ git commit -m "Initial commit” $ git push origin master
  3. None

  4. Wait, have I?

  5. YES. Signed Cookies Secure Sessions Password Reset Tokens

  6. What do I do?

  7. import os import warnings from django.core.exceptions import ImproperlyConfigured def get_env_variable(var_name):

    """ Get the environment variable or return exception """ try: return os.environ[var_name] except KeyError: error_msg = "Set the %s env variable" % var_name if DEBUG: warnings.warn(error_msg) else: raise ImproperlyConfigured(error_msg)

  8. SECRET_KEY = get_env_variable("SECRET_KEY")

  9. How do I get a new key?

  10. h*p:/ /www.miniwebtool.com/django-secret-key-generator/ $ python manage.py shell >>> from django.utils.crypto import

    get_random_string >>> get_random_string(length=50)

  11. What about my users?

  12. OpOonal: No permanent key

  13. Thanks. @phildini h*p:/ /bit.ly/secret-key Come back at 1:15PM for “Cat

    on yer head”!