Oops I Committed My Secret Key

Lightning talk given at DjangoCon US 2016

Philip James

July 20, 2016

Tweet

More Decks by Philip James

See All by Philip James

Frog and Toad Learn about Django Security - NBT6

0

27

The Elephant and the Serpent (PyLatam 2019)

0

69

Account Security for the Fashionable App Developer

1

71

All in the Timing: Side-Channel Attacks

0

67

0

46

All in the Timing: Side-Channel Attacks in Python

0

420

API-Driven Django

1

420

Type uWSGI; Press Enter; What Happens?

0

110

Type uWSGI; Press Enter; What Happens?

1

83

Other Decks in Technology

See All in Technology

フルカイテン株式会社エンジニア向け採用資料

0

10k

OCI Database Management サービス詳細

oracle4engineer

PRO

1

7.4k

AI駆動開発を事業のコアに置く

1

200

All About Sansan – for New Global Engineers

PRO

1

1.3k

日本の85%が使う公共SaaSは、どう育ったのか

1

210

SREのプラクティスを用いた3領域同時マネジメントへの挑戦〜SRE・情シス・セキュリティを統合したチーム運営術〜

coconala_engineer

2

660

Amazon S3 Vectorsを使って資格勉強用AIエージェントを構築してみた

3

450

Context Engineeringの取り組み

0

350

OpenShiftでllm-dを動かそう！

0

110

StrandsとNeptuneを使ってナレッジグラフを構築する

1

120

Introduction to Bill One Development Engineer

PRO

0

360

広告の効果検証を題材にした因果推論の精度検証について

PRO

0

180

Featured

See All Featured

Self-Hosted WebAssembly Runtime for Runtime-Neutral Checkpoint/Restore in Edge–Cloud Continuum

0

330

How People are Using Generative and Agentic AI to Supercharge Their Products, Projects, Services and Value Streams Today

1

120

The Illustrated Guide to Node.js - THAT Conference 2024

0

260

The State of eCommerce SEO: How to Win in Today's Products SERPs - #SEOweek

2

9.5k

A brief & incomplete history of  UX Design for the World Wide Web: 1989–2019

1

300

The Spectacular Lies of Maps

PRO

1

520

Build The Right Thing And Hit Your Dates

38

3k

SEO in 2025: How to Prepare for the Future of Search

3

3.3k

Efficient Content Optimization with Google Search Console & Apps Script

PRO

1

320

StorybookのUI Testing Handbookを読んだ

31

6.6k

SEOcharity - Dark patterns in SEO and UX: How to avoid them and build a more ethical web

0

120

Taking LLMs out of the black box: A practical guide to human-in-the-loop distillation

PRO

3

2k

Transcript

Oops I Commi*ed My Secret Key Philip James @phildini h*ps:/
/www.wordfugue.com
$ django-admin.py startproject bestthingever $ git init $ git add
. $ git commit -m "Initial commit” $ git push origin master
None
Wait, have I?
YES. Signed Cookies Secure Sessions Password Reset Tokens
What do I do?
import os import warnings from django.core.exceptions import ImproperlyConﬁgured def get_env_variable(var_name):
""" Get the environment variable or return exception """ try: return os.environ[var_name] except KeyError: error_msg = "Set the %s env variable" % var_name if DEBUG: warnings.warn(error_msg) else: raise ImproperlyConﬁgured(error_msg)
SECRET_KEY = get_env_variable("SECRET_KEY")
How do I get a new key?
h*p:/ /www.miniwebtool.com/django-secret-key-generator/ $ python manage.py shell >>> from django.utils.crypto import
get_random_string >>> get_random_string(length=50)
What about my users?
OpOonal: No permanent key
Thanks. @phildini h*p:/ /bit.ly/secret-key Come back at 1:15PM for “Cat
on yer head”!