A secret key has to be be kept secret. Make sure it is only used in production, but nowhere else. Especially, avoid committing it to source control. This increases security and makes it less likely that an attacker may acquire the key.
This settings.py contains a SECRET_KEY. You should not do this!
""" settings.py """
SECRET_KEY = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
Instead of publishing your secret key, you can use an environment variable to set your secret key.
SECRET_KEY = os.environ['SECRET_KEY']
Alternatively, you can read the secret key from a file.
with open('/etc/secret_key.txt') as f:
SECRET_KEY = f.read().strip()