Djecrety package also is available, read the docs!
Djecrety is hosted on Github Pages and doesn't have any back-end
code or database.
The keys generate on demand and it's completely random and never store to any file or database.
That's all. So you can safely use Djecrety.
As Django official documentation says:
A secret key used to provide cryptographic signing, and should be set to a unique, unpredictable value.
Running Django with a known
SECRET_KEYdefeats many of Django’s security protections, and can lead to privilege escalation and remote code execution vulnerabilities.
So recommended: Keep it safe. Ignore
settings.py file in your commits. Change the secret
key on your deploy. If you lost the secret key for any reason or
the server got compromised change it as soon as possible.
After creating your project:
settings.pyfile and rename it to
settings.py.samplefile and set
SECRET_KEY = ''
.gitignorefile. (If using git)
SECRET_KEYvalue to the new secret key generated with Djecrety in