SECRET_KEY published

A secret key has to be kept secret. Django uses SECRET_KEY for all of its cryptographic signing: session cookies, CSRF tokens, password reset links, and anything passed through django.core.signing. Whoever holds the key can forge any of these, so it must only be available in production and nowhere else. In particular, never commit it to source control: a key that has been in a repository, a wiki, a ticket or a chat log must be treated as compromised and rotated. Note that rotating the key invalidates existing sessions, signed cookies and password reset links, so plan the change rather than doing it in a hurry.

Anti-pattern

This settings.py hard-codes the SECRET_KEY, so every copy of the repository, every backup and every developer machine carries the production key. You should not do this!

""" settings.py """
SECRET_KEY = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'

Better Practices

Load key from environment variable

Instead of publishing your secret key, set it as an environment variable in the production environment (for example in the process manager or container configuration) and read it from there in settings.py. Use os.environ['SECRET_KEY'] rather than os.environ.get('SECRET_KEY', 'fallback'): the subscript form raises KeyError when the variable is missing, so a misconfigured deployment fails to start instead of silently running with a weak or shared fallback key.

""" settings.py """
import os

# Fails closed: a missing SECRET_KEY raises KeyError at startup instead of
# falling back to a default that would be identical on every deployment.
SECRET_KEY = os.environ['SECRET_KEY']

Load secret key from file

Alternatively, you can read the secret key from a file that lives outside the project directory and is not under version control. Restrict the file so that only the user running the application can read it (for example chmod 600, owned by the service account); a world-readable key file is no better than a committed one.

""" settings.py """
# The file should be owned by the service user and readable only by it.
# strip() removes the trailing newline most editors add, which would
# otherwise become part of the key.
with open('/etc/secret_key.txt') as f:
    SECRET_KEY = f.read().strip()
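The two snippets above can be combined into a single loader that tries the environment variable first, falls back to a key file, and refuses to start with an unusable key. The following is an added example, not code from the page or from Django itself. It assumes a minimum key length of 50 characters (the length of the key django-admin startproject generates), rejects keys carrying the django-insecure- prefix that startproject has used for development keys since Django 3.2, and on POSIX systems refuses a key file that is readable by group or others. The environment variable name, file path and the demo helper are illustrative choices.

```python
"""Fail-closed SECRET_KEY loader (added example, not part of the original page)."""
import os
import stat
import tempfile

# Prefix that django-admin startproject puts on generated development keys.
INSECURE_PREFIX = "django-insecure-"
# Assumed floor: startproject generates 50-character keys, so anything shorter
# is almost certainly a placeholder rather than a real key.
MIN_KEY_LENGTH = 50


class SecretKeyError(RuntimeError):
    """Raised when no acceptable SECRET_KEY can be found; the app must not start."""


def _validate(raw, origin):
    """Normalise and sanity-check a key taken from `origin` (for error messages)."""
    key = raw.strip()
    if not key:
        raise SecretKeyError(f"SECRET_KEY from {origin} is empty")
    if key.startswith(INSECURE_PREFIX):
        raise SecretKeyError(f"SECRET_KEY from {origin} is a development key")
    if len(key) < MIN_KEY_LENGTH:
        raise SecretKeyError(
            f"SECRET_KEY from {origin} is shorter than {MIN_KEY_LENGTH} characters"
        )
    return key


def load_secret_key(env_var="SECRET_KEY", path="/etc/secret_key.txt", environ=None):
    """Return the key from the environment, else from `path`; never a default.

    `environ` defaults to os.environ; it is a parameter so the loader can be
    tested without touching the real process environment.
    """
    environ = os.environ if environ is None else environ
    value = environ.get(env_var)
    if value is not None:
        return _validate(value, f"environment variable {env_var}")

    try:
        st = os.stat(path)
    except FileNotFoundError:
        raise SecretKeyError(f"{env_var} is unset and {path} does not exist") from None
    # A key file readable by other users defeats the purpose of the file.
    if os.name == "posix" and st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise SecretKeyError(f"{path} is readable by group/others; chmod 600 it")
    with open(path) as f:
        return _validate(f.read(), path)


def demo_file_source():
    """Write a constructed key to a 0600 temp file and load it back (for testing)."""
    constructed_key = "k" * MIN_KEY_LENGTH  # constructed sample, not a real key
    fd, tmp_path = tempfile.mkstemp(prefix="secret_key_")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(constructed_key + "\n")  # trailing newline, as an editor would add
        os.chmod(tmp_path, 0o600)
        # Empty environ forces the file branch.
        return load_secret_key(path=tmp_path, environ={})
    finally:
        os.unlink(tmp_path)


if __name__ == "__main__":
    # settings.py would simply do:  SECRET_KEY = load_secret_key()
    print("loaded from file:", demo_file_source() == "k" * MIN_KEY_LENGTH)
```

In settings.py the whole thing collapses to `SECRET_KEY = load_secret_key()`; every failure path raises before Django finishes importing settings, which is the behaviour you want for a production secret.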

References