3

I have a question regarding Django and the secret key. Unfortunately, I made a commit to a public repository with the secret key visible. Then I got a message:

GitGuardian has detected the following Django Secret Key exposed within your GitHub account.

I then immediately deleted this repo from my GitHub, but I am still worried that something can happen to me. The app was just a hello world on my local server. I read some articles saying that it is very dangerous, but I am not sure if someone can hack me by this. Can you advise? Thanks.

  • You don't have anything to worry about. If this was a real application that was being made public to the world, your app would be at risk, but since this was a local app, you're fine. – Jeff Gruenbaum Feb 18 '22 at 15:10
  • Hi @JeffGruenbaum, thanks for your answer :) If I deleted the repo from my GitHub, is there any way for someone to check this secret key? I am not sure if I also need to delete my history somewhere or something like that. I am worrying about my bank accounts because I read that using this secret key others can check my caches and something, but maybe I misunderstood. – magicThorsten Feb 18 '22 at 15:14
  • No, you truly have nothing to worry about. Since you didn't publish your app to a server, there's no way someone could use the key in a malicious way. – Jeff Gruenbaum Feb 18 '22 at 15:15
  • Okay, thanks a lot for the clarification. I can sleep calm now :) – magicThorsten Feb 18 '22 at 15:16

1 Answer

0

If by hacking you mean attackers can see your private files and your device is in danger, I can certainly say this won't happen.

The only thing that threatens you is when:

  1. the attacker is connected to your local network and,
  2. your Django application is running

because you are running your Django application on localhost, and localhost is local and hidden from the public network. It is only available when someone is connected to your network.

The purpose of SECRET_KEY is to secure signed data, and attackers can't use it to generate their own signed values. You can read more about the danger of a leaked SECRET_KEY here.

But it won't make trouble for you since you haven't hosted it publicly, unless your neighbors hack your wireless home network and wait for your Django application to run and make a session for themselves, which is not important because you have nothing valuable in your project.

So don't worry about it

jexroid
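
As an added illustration of what "securing signed data" means (not part of the answer above and not Django's own code): a simplified HMAC signer built on the Python standard library, with constructed key names and values. It shows that a value signed under a committed key stops verifying once the key is replaced, provided the old key is not kept as an accepted fallback.

```python
import base64
import hashlib
import hmac


class BadSignature(Exception):
    """Raised when a signed value does not verify under any accepted key."""


def _mac(value: str, key: str) -> str:
    # HMAC-SHA256 over the value, URL-safe base64 without padding.
    digest = hmac.new(key.encode(), value.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def sign(value: str, key: str) -> str:
    """Return 'value:signature'. The value stays readable but is tamper-evident."""
    return f"{value}:{_mac(value, key)}"


def unsign(signed: str, keys: list) -> str:
    """Return the value if its signature verifies under any accepted key."""
    value, sep, sig = signed.rpartition(":")
    if not sep:
        raise BadSignature("no signature present")
    for key in keys:
        if hmac.compare_digest(sig, _mac(value, key)):
            return value
    raise BadSignature("signature does not match any accepted key")


def accepts(signed: str, keys: list) -> bool:
    """True if the signed value verifies under one of the accepted keys."""
    try:
        unsign(signed, keys)
        return True
    except BadSignature:
        return False


# Constructed sample keys and value, not real secrets.
COMMITTED_KEY = "constructed-key-that-was-committed"
ROTATED_KEY = "constructed-replacement-key"
issued_before_rotation = sign("session=alice", COMMITTED_KEY)
tampered = issued_before_rotation.replace("alice", "admin")

if __name__ == "__main__":
    print("old key only:    ", accepts(issued_before_rotation, [COMMITTED_KEY]))
    print("tampered value:  ", accepts(tampered, [COMMITTED_KEY]))
    print("after rotation:  ", accepts(issued_before_rotation, [ROTATED_KEY]))
    print("old key fallback:", accepts(issued_before_rotation, [ROTATED_KEY, COMMITTED_KEY]))
```

In a real project the replacement key would be loaded from the environment or a secrets store rather than written into a settings file that is committed.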