Get django secret key from a file, and generate it if needed

.gitignore

@@ -3,3 +3,4 @@
 *.pyc
 /.coverage
 /htmlcov
+/secret.key

bars_django/settings/common.py

@@ -13,7 +13,34 @@ import os
 PROJECT_ROOT = os.path.dirname(os.path.dirname(os.path.dirname(__file__)))
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = ')$w@s+3e_&cl19@c2-qbi^rr6fnzj4p*0%3u_xtltj0*-cc0&v'
+"""
+Two things are wrong with Django's default `SECRET_KEY` system:
+
+1. It is not random but pseudo-random
+2. It saves and displays the SECRET_KEY in `settings.py`
+
+This snippet
+1. uses `SystemRandom()` instead to generate a random key
+2. saves a local `secret.txt`
+
+The result is a random and safely hidden `SECRET_KEY`.
+"""
+try:
+    SECRET_KEY
+except NameError:
+    SECRET_FILE = os.path.join(PROJECT_ROOT, 'secret.key')
+    try:
+        SECRET_KEY = open(SECRET_FILE).read().strip()
+    except IOError:
+        try:
+            import random
+            symbols = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)'
+            SECRET_KEY = ''.join([random.SystemRandom().choice(symbols) for i in range(50)])
+            with open(SECRET_FILE, 'w') as f:
+                f.write(SECRET_KEY)
+        except IOError:
+            Exception('Please create a %s file with random characters \
+            to generate your secret key!' % SECRET_FILE)
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = False