How to handle sensitive configuration information when deploying app-engine applications?

Question

Example: I have an applications that needs to access an API providing an authentication token

myApi = MyApi(token=my_private_sensible_token)

<

Answer 1

Another possible approach is to have 2 copies of the app (actually 2 different apps which happen to have the same code), each with their own app_ID, config file(s), etc:

• one for development/staging, accessible by the larger development team
• one for production - (possibly cloned/forked from the same SCM repo, maybe a private branch?) only accessible by the trusted devs and with the contents of the config file overwritten/updated for production deployment

Such setup can offer additional benefits besides just restricting access to production credentials, for example:

• ability to use a CI system which includes automatic deployment on a very close to production environment
• tighter control to production deployments