Create a .env file that will hold your credentials at the root of your project and leave it out of versioning:
$ echo ".env" >> .gitignore
In the .env file, add the variables (adapt them according to your installation):
$ echo "DJANGO_SETTINGS_MODULE=myproject.settings.production"> .env
#50 caracter random key
$ echo "SECRET_KEY='####'">> .env
To use them, put this on top of your production.py settings file:
import os
env = os.environ.copy()
SECRET_KEY = env['SECRET_KEY']
Publish it to Heroku using this gem: http://github.com/ddollar/heroku-config.git
$ heroku plugins:install git://github.com/ddollar/heroku-config.git
$ heroku config:push
This way you avoid to change virtualenv files.
*Based on this tutorial