We currently get SECRET_KEY using os.environ.get with a hardcoded fallback. This is nice for development, since you don't have to remember to set it in the environment, but there's a risk that if you forget to set it in the staging/prod environment, then those servers will use the hardcoded fallback (possibly available in a public github repo).
We currently get SECRET_KEY using
os.environ.get
with a hardcoded fallback. This is nice for development, since you don't have to remember to set it in the environment, but there's a risk that if you forget to set it in the staging/prod environment, then those servers will use the hardcoded fallback (possibly available in a public github repo).Options: