As the title suggests - I'm looking for best practice for using API_KEYS, CLIENT_SECRETS etc. within the settings.py of my Django project. I can't seem to find exactly what I'm looking for on this - documentation-wise.
To ask an implicit question: what is the best method for storing this information in both development and in production?
The best practice for using API_KEYS and CLIENT_SECRET keys in settings.py would be to not store them there at all!
You will be better off setting environment variables in the OS and retrieving them in the settings.py file as and when needed. In this way, your keys will never touch the codebase and remain safely inside the OS.
You can do something like this in your settings.py:
import os
API_KEY = os.environ.get('API_KEY_ENVIRONMENT_VARIABLE')
CLIENT_SECRET = os.environ.get('CLIENT_SECRET_KEY_ENVIRONMENT_VARIABLE')
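
Added example (not part of the answer above and not Django's own code): `os.environ.get()` returns `None` for an unset variable, so this sketch loads the two variables named in the answer, fails at startup with the names of any that are missing, and masks values for log output. `load_secrets`, `mask` and `MissingSecretError` are hypothetical names, and the sample environment is constructed.

```python
import os


class MissingSecretError(RuntimeError):
    """Raised at startup when required secrets are absent (hypothetical name)."""


def load_secrets(names, environ=None):
    """Return {name: value} for every required variable, or fail fast.

    os.environ.get() returns None for an unset variable, so a typo or a
    variable missing from the deployment would otherwise surface later as
    a confusing authentication failure. All missing names are reported in
    one error; values are never included in the message.
    """
    environ = os.environ if environ is None else environ
    secrets, missing = {}, []
    for name in names:
        value = environ.get(name, "").strip()
        if value:
            secrets[name] = value
        else:
            missing.append(name)  # unset, empty, or whitespace only
    if missing:
        raise MissingSecretError(
            "Missing required environment variables: " + ", ".join(sorted(missing))
        )
    return secrets


def mask(value, visible=4):
    """Render a secret for logs: keep only the last few characters."""
    if len(value) <= visible * 2:
        return "*" * len(value)  # too short to reveal any part safely
    return "*" * (len(value) - visible) + value[-visible:]


if __name__ == "__main__":
    # Constructed sample environment; in settings.py omit `environ`
    # so the real os.environ is read.
    sample_env = {
        "API_KEY_ENVIRONMENT_VARIABLE": "constructed-api-key-0001",
        "CLIENT_SECRET_KEY_ENVIRONMENT_VARIABLE": "  ",
    }
    try:
        load_secrets(list(sample_env), sample_env)
    except MissingSecretError as exc:
        print(exc)
    print(mask(sample_env["API_KEY_ENVIRONMENT_VARIABLE"]))
```

In a Django project the same check could raise `django.core.exceptions.ImproperlyConfigured` instead of the custom exception, so the failure is reported like other settings errors.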