SECRET_KEY commit on GitHub

Hello everyone,

I managed to replace the SECRET_KEY in my project. I put it into a .env file and replaced it in the settings.py file with:

from decouple import config

SECRET_KEY = config("SECRET_KEY") # this is to replace the secret key you cut away before

What do I have to put into the README file as instructions if someone will pull the repository and install it on her/his computer? Do they need to do something or is the SECRET_KEY generated automatically? (Perhaps I should do this to find out by myself, to pull a repository of someone else and see what is happening. Just in this moment when I wrote this post I got the idea.) I would be happy if someone could answer me that please.

Are these instructions necessary?

$ pip install django-secret-key
$ django-secret-key

Thanks in advance
Doro

What you are doing with .env is standard practice for keeping secrets out of the settings.py file, and is a great way to avoid committing secrets to version control. If you are not doing this with your DB credentials too, you may want to do that.
You can read about what SECRET_KEY does in the docs.
If you remove the key, users will have to generate a new one in settings.py, so you may want to leave the pip package instructions in there. Probably try to download and build the project from your instructions in the repo. If you expect people to download and try to run the project, that’s the best way to find problems! Good luck!
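
Added example, not part of the thread or of any project mentioned in it: `config("SECRET_KEY")` only reads the value and does not generate one, so a fresh clone needs a setup step that creates `.env`. The script below (hypothetical name `bootstrap_env.py`, function names are assumptions) does that with the standard library's `secrets` module instead of the `django-secret-key` package, leaves an existing key untouched, and checks that `.env` is listed in `.gitignore`.

```python
"""Create a local .env with a fresh SECRET_KEY (added example, stdlib only)."""
import os
import secrets
from pathlib import Path


def read_env(env_path: Path) -> dict:
    """Parse simple KEY=VALUE lines, skipping blanks and # comments."""
    values = {}
    if env_path.exists():
        for line in env_path.read_text().splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                values[key.strip()] = value.strip()
    return values


def ensure_secret_key(project_dir: str) -> bool:
    """Add SECRET_KEY to <project_dir>/.env if missing; True if one was written."""
    env_path = Path(project_dir) / ".env"
    if read_env(env_path).get("SECRET_KEY"):
        return False  # keep the existing key: replacing it invalidates signed data
    # Keep other settings intact if the file lacks a trailing newline.
    text = env_path.read_text() if env_path.exists() else ""
    prefix = "\n" if text and not text.endswith("\n") else ""
    key = secrets.token_urlsafe(50)  # 67 URL-safe characters, no quoting needed
    # Mode 0600 applies when the file is created here, so only the owner can read it.
    fd = os.open(env_path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
    with os.fdopen(fd, "a") as fh:
        fh.write(f"{prefix}SECRET_KEY={key}\n")
    return True


def env_is_ignored(project_dir: str) -> bool:
    """True if .gitignore lists .env, so the secret is not committed by accident."""
    gitignore = Path(project_dir) / ".gitignore"
    if not gitignore.exists():
        return False
    entries = {line.strip() for line in gitignore.read_text().splitlines()}
    return bool(entries & {".env", "/.env", "*.env"})


if __name__ == "__main__":
    wrote = ensure_secret_key(".")
    print("SECRET_KEY written to .env" if wrote else "SECRET_KEY already set, unchanged")
    if not env_is_ignored("."):
        print("warning: add .env to .gitignore before committing")
```

A README can then tell new users to run the script once from the project root after cloning, before the first `manage.py` command.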