Update default `SECRET_KEY` value

From Stakeholders:
“…we received a security report related to https://github.com/mozilla/network-pulse-api. The security report mentions hard coded secret keys in the repo.”

After taking a look through the repo, I can see that the same “secret key” value is being hardcoded in the following places:
[sample.env](https://github.com/mozilla/network-pulse-api/blob/master/appveyor.yml#L18)
[travis.yml](https://github.com/mozilla/network-pulse-api/blob/master/.travis.yml#L31)
[appveyor.yml](https://github.com/mozilla/network-pulse-api/blob/master/appveyor.yml#L18)
[ci.yml](https://github.com/mozilla/network-pulse-api/blob/master/.github/workflows/ci.yml#L28)

After taking a look at the site settings in heroku, I can confirm that the key found in the files above are not the secret key used in production. 

However, we should update this "default" secret key value to something that is a little less confusing. 

Something along the lines of: 
```
SECRET_KEY=mydummykey  # Only for testing purposes, do not use in production
```
should work.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Update default `SECRET_KEY` value #810

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Update default SECRET_KEY value #810

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

Update default `SECRET_KEY` value #810