| | 1 | In the debug views `settings` is cleansed, which hides e.g. `SECRET_KEY`. |
| | 2 | |
| | 3 | But a lot of sensible information might also be present / come from `request.META`, e.g. in the form of `DJANGO_SECRET_KEY` or `DATABASE_URL`. |
| | 4 | |
| | 5 | It might be sensible to apply a filter in `TECHNICAL_500_TEMPLATE` (source code reference: https://github.com/django/django/blob/master/django/views/debug.py#L972-977). |
| | 6 | |
| | 7 | I see that this can be quite specific, but I think it would be sensible to apply `HIDDEN_SETTINGS` to all entries starting with `DJANGO_` and have a setting for additional entries, which might default to `DATABASE_URL` and `SENTRY_DSN`. |