diff --git a/.gitignore b/.gitignore
index 87424741ac5072a3f376e409b9b4fa8e606f6ae2..414d9fce79bf1d30073dec93e796fd4ff82ca396 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,8 @@
 # AKPlanning .gitignore
 # Custom
 
+# Secrets for production
+AKPlanning/settings_secrets.py
 
 # Created by https://www.gitignore.io/api/python,django,virtualenv,pycharm+all
 # Edit at https://www.gitignore.io/?templates=python,django,virtualenv,pycharm+all
diff --git a/AKPlanning/settings_production.py b/AKPlanning/settings_production.py
new file mode 100644
index 0000000000000000000000000000000000000000..094a6d1b5a00a35b0e55cd1b93042cf8d658a174
--- /dev/null
+++ b/AKPlanning/settings_production.py
@@ -0,0 +1,19 @@
+"""
+This is the settings file used in production.
+First, it imports all default settings, then overrides respective ones.
+Secrets are stored in and imported from an additional file, not set under version control.
+"""
+
+from AKPlanning.settings import *
+import AKPlanning.settings_secrets as secrets
+
+
+### SECURITY ###
+
+DEBUG = False
+
+ALLOWED_HOSTS = secrets.HOSTS
+
+SECRET_KEY = secrets.SECRET_KEY
+
+# TODO: DB, chaching, CSRF etc.
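Review bot: The `### SECURITY ###` block sets only `DEBUG`, `ALLOWED_HOSTS` and `SECRET_KEY`, so cookie and transport settings stay at Django's defaults until the trailing TODO is resolved. If production is served over HTTPS (not visible here), add `SESSION_COOKIE_SECURE = True` and `CSRF_COOKIE_SECURE = True` to this block. Running `python manage.py check --deploy` against this settings module will list what else is missing. Separately, the alias in `import AKPlanning.settings_secrets as secrets` reuses the name of the standard-library `secrets` module; a name such as `settings_secrets` avoids the confusion.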
diff --git a/AKPlanning/settings_secrets.py.sample b/AKPlanning/settings_secrets.py.sample
new file mode 100644
index 0000000000000000000000000000000000000000..3f0d58ad26b4dd1c30f6b689ec44ef2ca0188e98
--- /dev/null
+++ b/AKPlanning/settings_secrets.py.sample
@@ -0,0 +1,3 @@
+SECRET_KEY = ''
+
+HOSTS = []
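Review bot: The sample ships `SECRET_KEY = ''` and `HOSTS = []` with no comment saying what to do with them, so a deployer has to read settings_production.py to learn that the file must be copied to `AKPlanning/settings_secrets.py` and filled in. Add a header comment such as `# Copy to settings_secrets.py; never commit the copy.` and, above the key, `# Generate with django.core.management.utils.get_random_secret_key()`. A one-line comment on `HOSTS` stating that it feeds `ALLOWED_HOSTS` and must list the served host names would complete it.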