Don't keep sensitive settings in settings.py

If you are checking your settings.py into your git repository you must make sure you aren’t including any potentially sensitive information such as database passwords, secret keys and so on.

A quick and easy way to avoid this is to create a separate private.py file:

DATABASES = {
  'ENGINE' : 'django.db.backends.postgresql_psycopg2',
  'NAME' : 'dbname',
  'USER' : 'dbusername',
  'PASSWORD' : 'dbpassword'
}
SECRET_KEY = '...'

and import it in your settings.py:

from private import *
# ...

while blocking it via your .gitignore