We've all been guilty of hard-coding secrets at some point. It's just a quick hack, and you'll definitely go back and tidy it up later. But then you forget, and it's all too easy to git push your API keys to GitHub.
This easy to make mistake could end up [costing you thousands of dollars](https://dev.to/juanmanuelramallo/i-was-billed-for-14k-usd-on-amazon-web-services-17fn), and with the [median time to discovery for a secret key leaked to GitHub being 20 seconds](https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_04B-3_Meli_paper.pdf) you could end up compromised before you have a chance to correct your error.
In this talk, we'll look at techniques that you can use personally and within your development teams to properly store, share, and manage your secrets, as easily as possible, and most importantly without disrupting your workflow.
Python, PyCon, PyConAU, PyConline
Fri Sep 4 12:45:00 2020 at Obvious