SECRET_KEY leaked or reused invalidates session and token security
critical | security | Updated Mar 2, 2026 (via Exa)
Technologies:
How to detect:
The Django SECRET_KEY is committed to version control, shared across environments, or otherwise exposed. Because every signing operation is keyed from it, a leak compromises session signing, password reset tokens, and any other signed values.
Recommended action:
Generate a unique SECRET_KEY for each environment using a cryptographically secure random source. Store it in an environment variable and never commit it to git. Load it with SECRET_KEY = os.getenv("DJANGO_SECRET_KEY") and validate at startup that it is present and not a placeholder. Rotate it immediately if it is compromised, and ensure staging and production use different keys.
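An added example of the recommended action above (not code from this check or from Django itself): a small settings helper that generates a fresh key, refuses a missing, short, or startproject-style placeholder key at startup, reads rotation fallbacks for Django's SECRET_KEY_FALLBACKS setting, and checks that two environments do not share a key. The variable names DJANGO_SECRET_KEY and DJANGO_SECRET_KEY_FALLBACKS and the 50-character minimum are assumptions.

```python
"""Hypothetical SECRET_KEY loader for a Django settings module (not Django's own API)."""
import os
import secrets
from typing import List, Mapping, Optional

MIN_KEY_LENGTH = 50               # assumed minimum; startproject keys are 50 chars
INSECURE_PREFIX = "django-insecure-"  # prefix on the placeholder startproject writes


class SecretKeyError(RuntimeError):
    """Raised at startup so a misconfigured key fails loudly, not silently."""


def generate_secret_key(nbytes: int = 48) -> str:
    """Return a fresh random key; generate one per environment, never share it."""
    return secrets.token_urlsafe(nbytes)  # 48 random bytes -> 64 URL-safe chars


def secret_key_problem(key: str) -> Optional[str]:
    """Return a description of why `key` is unsafe, or None if it passes checks."""
    key = key.strip()
    if not key:
        return "SECRET_KEY is empty or unset"
    if key.startswith(INSECURE_PREFIX):
        return "SECRET_KEY is the development placeholder from startproject"
    if len(key) < MIN_KEY_LENGTH:
        return f"SECRET_KEY is shorter than {MIN_KEY_LENGTH} characters"
    return None


def load_secret_key(env: Mapping[str, str], var: str = "DJANGO_SECRET_KEY") -> str:
    """Read the key from the environment and refuse to start if it is unsafe."""
    key = env.get(var, "")
    problem = secret_key_problem(key)
    if problem is not None:
        raise SecretKeyError(f"{var}: {problem}")
    return key.strip()


def load_fallback_keys(env: Mapping[str, str],
                       var: str = "DJANGO_SECRET_KEY_FALLBACKS") -> List[str]:
    """Old keys kept only during rotation (comma-separated) for SECRET_KEY_FALLBACKS."""
    return [k.strip() for k in env.get(var, "").split(",") if k.strip()]


def keys_are_distinct(*keys: str) -> bool:
    """Guard against reusing one key across staging and production."""
    return len(set(keys)) == len(keys)


if __name__ == "__main__":
    # Print a new key once for an operator to place in a secret store, not in git.
    print(generate_secret_key())
```

In settings.py this becomes SECRET_KEY = load_secret_key(os.environ) and SECRET_KEY_FALLBACKS = load_fallback_keys(os.environ); after a rotation, remove the old key from the fallback list once existing sessions have expired.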