OK, so there’s an interesting question as to how we might bootstrap a secrets manager.
The Django Way™ is to put such things in settings, but the whole(?) point of this is to keep values that would go into setting out of it.
Maybe instantiating the secrets manager would have to go early in the settings file — with some aspects passed from the command line: the settings file can’t include credentials for the secrets store! I’d make it explicit what strategy was being followed etc.
Part of the project is to work this out.
HTH