removed SECRET_KEY from production settings, must be provides in

secrets.json

README.md

@@ -6,6 +6,7 @@ purpose: gather data from intern(WMDE) and extern(volunteers) forms to create a
 
     ln -sr foerderbarometer/settings_development.py foerderbarometer/settings.py
 
+  
 run the development server with
 
     python3 manage.py runserver
@@ -25,7 +26,8 @@ run the development server with
 edit /secrets.json to contain something similar to
 
     {
-      "DATABASE_PASSWORD": "THIS IS TOP SECRET!"
+      "DATABASE_PASSWORD": "THIS IS TOP SECRET!",
+      "SECRET_KEY": "THIS IS ANOTHER SECRET!"
     }
 
 edit foerderbarometer/settings_production.py according to your database setup (tested with MariaDB 10.0.36)

foerderbarometer/settings_production.py

@@ -45,7 +45,7 @@ def get_secret(setting, secrets=secrets):
 # See https://docs.djangoproject.com/en/3.1/howto/deployment/checklist/
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = '*&7p9#_n$@^%0z49s+7jpy@+j1rw_hqh05knyd6y2*!0)r&b6h'
+SECRET_KEY = get_secret('SECRET_KEY')
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = False