The best way to do configuration is to have it in environment variables
Django doesn't expose static files the same way, so you still get away with a secret.txt stored as a file.
Django doesn't expose static files the same way, so you still get away with a secret.txt stored as a file.
Isn't it the only sensible way, actually?