One way of securing your secret keys from external viewers and codebase is to use environment variables.

In Python, you can use the os.getenv('THE_KEY') or os.environ.get('THE_KEY').
For example, when working in Python, you can change tell Django to search for the value of the SECRET_KEY.

SECRET_KEY = os.getenv("SECRET_KEY") 
# or
SECRET_KEY = os.environ.get("SECRET_KEY") 

These lines will lead to software failure if there is no SECRET_KEY variable in the project's .env file.

To avoid that, you can pass as a second argument a default value.

SECRET_KEY = os.getenv(
    "SECRET_KEY", "django-insecure-r(6dd3yaw_05m5kxki1vb^r6v@x^-g#zi_to7487*!)08oxwf)"
)

These methods are quite useful if you are looking to use env vars in Django. Anyway, you can also check django-environ a Python package that allows you to use the Twelve-factor methodology to configure your Django application with environment variables.

Article posted using bloggu.io. Try it for free.