[Django]-How is "secret_key.txt" more secure in Django project?

8👍

You usually add that file to the .gitignore, such that the file is not part of the (GitHub) repository. This means that you can add (other) settings in the project, and you load "sensitive" settings through environment variables, or files.

This hackernoon post for example, discusses four ways to define sensitive variables such that these are not defined in files that you add to the subversioning system.

Usually it is advisable to include a settings.py in the project however, stripped from sensitive data. That way a peer can easily set up the project with all the other (required) settings, and thus only has to define a limited number of sensitive variables to get the project running.

I think however using an environment variable might be better, since it is probably easier to specify this, and thus to manage a number of processes that all might work with different values.
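An added example, not part of the answer above: one way a committed settings.py can load the key from an environment variable first and fall back to the git-ignored secret_key.txt, failing closed if neither is usable. The variable name `DJANGO_SECRET_KEY`, the helper `load_secret_key` and the permission check are assumptions made for illustration.

```python
import os
import stat
from pathlib import Path


class SecretKeyError(RuntimeError):
    """Raised when no usable SECRET_KEY source is found."""


def load_secret_key(environ=os.environ, key_file=Path("secret_key.txt"),
                    env_name="DJANGO_SECRET_KEY"):
    """Return the key from the environment, else from an untracked file.

    env_name and the file location are assumptions, not Django defaults.
    """
    # 1. The environment variable wins: it is easy to vary per process.
    value = environ.get(env_name, "").strip()
    if value:
        return value

    # 2. Fall back to the file that is listed in .gitignore.
    key_file = Path(key_file)
    try:
        mode = key_file.stat().st_mode
    except FileNotFoundError:
        raise SecretKeyError(
            f"set {env_name} or create {key_file} (keep it in .gitignore)"
        ) from None

    # Refuse a file that group or other users can access (POSIX mode bits).
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise SecretKeyError(f"{key_file} is open to group/other; chmod 600 it")

    value = key_file.read_text(encoding="utf-8").strip()
    if not value:
        raise SecretKeyError(f"{key_file} is empty")
    return value


# In settings.py this would be used as: SECRET_KEY = load_secret_key()
```

Raising instead of substituting a default key keeps a misconfigured deployment from starting with a guessable value.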
