veritus / veritus-backend


No secrets in source code #49

Closed Ragnar-H closed 7 years ago

Ragnar-H commented 7 years ago

Description

I'm not up to date on the security involved in a Django app.

However, I'm pretty sure the secret key shouldn't be part of the source code.

Environment

All

Resolution

Resolving this issue will entail:

  1. Removing the secret key from source code
  2. Updating documentation with how one should set up their development environment
  3. Setting the secret key on the hosting server
  4. Updating documentation with how to set environment variables on the hosting server
  5. Security audit?

Ragnar-H commented 7 years ago

We also need a specific whitelist of allowed hosts https://github.com/veritus/veritus-backend/pull/48/files#diff-b88ab5042a172c0c6c6ac454587eb41fR28
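The two settings discussed in this thread (a secret key that must not live in source, and an explicit host whitelist) can be loaded from the environment in a fail-closed way. The following is an added example for illustration, not code from the veritus-backend repository; the variable names `DJANGO_SECRET_KEY` and `DJANGO_ALLOWED_HOSTS` and the 50-character minimum are assumptions of the example, and `ImproperlyConfigured` is defined locally so the snippet runs without Django installed.

```python
import os
from typing import Mapping

# Django's generate-secret-key helper emits 50 characters; used here as a
# sanity floor (an assumption of this example, not a Django requirement).
MIN_SECRET_KEY_LENGTH = 50


class ImproperlyConfigured(Exception):
    """Raised when a required setting is missing or unsafe."""


def load_secret_key(env: Mapping[str, str] = os.environ) -> str:
    """Read SECRET_KEY from the environment; fail closed instead of falling back to a default."""
    key = env.get("DJANGO_SECRET_KEY", "").strip()
    if not key:
        raise ImproperlyConfigured(
            "DJANGO_SECRET_KEY is not set; refusing to start with a hard-coded key")
    if len(key) < MIN_SECRET_KEY_LENGTH:
        raise ImproperlyConfigured("DJANGO_SECRET_KEY is too short to be safe")
    return key


def load_allowed_hosts(env: Mapping[str, str] = os.environ, debug: bool = False) -> list:
    """Parse a comma-separated DJANGO_ALLOWED_HOSTS into Django's ALLOWED_HOSTS list.

    Rejects the '*' wildcard, which would disable Host-header validation, and
    requires an explicit list whenever DEBUG is off.
    """
    raw = env.get("DJANGO_ALLOWED_HOSTS", "")
    hosts = [h.strip().lower() for h in raw.split(",") if h.strip()]
    if "*" in hosts:
        raise ImproperlyConfigured("'*' in DJANGO_ALLOWED_HOSTS disables host validation")
    if not hosts and not debug:
        raise ImproperlyConfigured("DJANGO_ALLOWED_HOSTS must list the hosts served in production")
    return hosts


if __name__ == "__main__":
    # Constructed environment standing in for what the hosting server would export.
    demo_env = {
        "DJANGO_SECRET_KEY": "k" * 50,
        "DJANGO_ALLOWED_HOSTS": "api.example.com, .example.org",
    }
    SECRET_KEY = load_secret_key(demo_env)
    ALLOWED_HOSTS = load_allowed_hosts(demo_env)
    print("ALLOWED_HOSTS =", ALLOWED_HOSTS)
```

In a real settings.py the two calls would use the default `os.environ` argument, so a missing or wildcard value stops the process at startup rather than silently running with an insecure configuration.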

AriHrannar commented 7 years ago

I've made the secret key an environment variable in my Docker setup (Stay tuned! Almost ready!!)

Whitelisting allowed hosts is one of the things I have not done there; it seems appropriate to add that task to the Docker branch.

AriHrannar commented 7 years ago

#54 fixes this