Djecrety package also is available, read the docs!
Djecrety is hosted on Github Pages and doesn't have any back-end
code or database.
The keys generate on demand and it's completely random and never store to any file or database.
That's all. So you can safely use Djecrety.
As Django official documentation says:
A secret key used to provide cryptographic signing, and should be set to a unique, unpredictable value.
Running Django with a known
SECRET_KEY defeats many of
Django’s security protections, and can lead to privilege
escalation and remote code execution vulnerabilities.
So recommended: Keep it safe. Ignore
settings.py file in your commits. Change the secret
key on your deploy. If you lost the secret key for any reason or
the server got compromised change it as soon as possible.
After creating your project:
settings.py file and rename
settings.py.sample file and set
SECRET_KEY value empty.
SECRET_KEY = ''
settings.py file to
file. (If using git)
SECRET_KEY value to the new secret key
generated with Djecrety in