From 51373f3c22c6036718e6a8af8d19fc6d7ad98d4c Mon Sep 17 00:00:00 2001
From: Nico Schottelius <nico@wurzel.schottelius.org>
Date: Thu, 3 Sep 2015 20:04:12 +0200
Subject: [PATCH] read secret key from file

Signed-off-by: Nico Schottelius <nico@wurzel.schottelius.org>
---
 dynamicweb/settings.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/dynamicweb/settings.py b/dynamicweb/settings.py
index cdaf12e5..08b8e93f 100644
--- a/dynamicweb/settings.py
+++ b/dynamicweb/settings.py
@@ -35,8 +35,9 @@ LOGIN_REDIRECT_URL = None
 EMAIL_HOST="localhost"
 EMAIL_PORT=25
 
-# SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = 'xlhyv_l5-z6e8_@q6)n0up1a0$5-aad7d)om2t8g$bi6*@q44i'
+SECRET_KEY_FILE = os.path.join(BASE_DIR, "secret-key")
+with open(SECRET_KEY_FILE, "r") as f:
+    SECRET_KEY = f.read().strip()
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = False