Can you keep a secret?

A presentation at PyGotham in in New York, NY, USA by Aaron Bassett

We’ve all been guilty of hard-coding secrets at some point. It’s just a quick hack, and you’ll definitely go back and tidy it up later. But then you forget, and it’s all too easy to git push your API keys to GitHub.

This easy to make mistake could end up costing you thousands of dollars, and with the median time to discovery for a secret key leaked to GitHub being 20 seconds you could end up compromised before you have a chance to correct your error.

In this talk, we’ll look at techniques that you can use personally and within your development teams to properly store, share, and manage your secrets, as easily as possible without disrupting your workflow.



The following resources were mentioned during the presentation or are useful additional information.


The following code examples from the presentation can be tried out live.

Buzz and feedback

Here’s what was said about this presentation on social media.