diff --git a/cof/settings/.gitignore b/cof/settings/.gitignore
new file mode 100644
index 00000000..21425062
--- /dev/null
+++ b/cof/settings/.gitignore
@@ -0,0 +1 @@
+secret.py
diff --git a/cof/settings_dev.py b/cof/settings/common.py
similarity index 62%
rename from cof/settings_dev.py
rename to cof/settings/common.py
index b04165c8..93b11dae 100644
--- a/cof/settings_dev.py
+++ b/cof/settings/common.py
@@ -1,32 +1,40 @@
 # -*- coding: utf-8 -*-
 """
-Django settings for cof project.
+Django common settings for cof project.
 
-For more information on this file, see
-https://docs.djangoproject.com/en/1.8/topics/settings/
-
-For the full list of settings and their values, see
-https://docs.djangoproject.com/en/1.8/ref/settings/
+Everything which is supposed to be identical between the production server and
+the local development server should be here.
 """
 
-# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 import os
 
-BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+# Database credentials
+try:
+    from .secret import DBNAME, DBUSER, DBPASSWD
+except ImportError:
+    # On the local development VM, theses credentials are in the environment
+    DBNAME = os.environ["DBNAME"]
+    DBUSER = os.environ["DBUSER"]
+    DBPASSWD = os.environ["DBPASSWD"]
+except KeyError:
+    raise RuntimeError("Secrets missing")
 
-EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
+# Other secrets
+try:
+    from .secret import (
+        SECRET_KEY, RECAPTCHA_PUBLIC_KEY, RECAPTCHA_PRIVATE_KEY, ADMINS
+    )
+except ImportError:
+    raise RuntimeError("Secrets missing")
 
-# Quick-start development settings - unsuitable for production
-# See https://docs.djangoproject.com/en/1.8/howto/deployment/checklist/
 
-# SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = 'q()(zn4m63i%5cp4)f+ww4-28_w+ly3q9=6imw2ciu&_(5_4ah'
+BASE_DIR = os.path.dirname(
+    os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+)
 
-# SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
 
 # Application definition
-INSTALLED_APPS = (
+INSTALLED_APPS = [
     'gestioncof',
     'django.contrib.auth',
     'django.contrib.contenttypes',
@@ -41,17 +49,15 @@ INSTALLED_APPS = (
     'autocomplete_light',
     'captcha',
     'django_cas_ng',
-    'debug_toolbar',
     'bootstrapform',
     'kfet',
     'channels',
     'widget_tweaks',
     'custommail',
     'djconfig',
-)
+]
 
-MIDDLEWARE_CLASSES = (
-    'debug_toolbar.middleware.DebugToolbarMiddleware',
+MIDDLEWARE_CLASSES = [
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
@@ -62,7 +68,7 @@ MIDDLEWARE_CLASSES = (
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
     'django.middleware.security.SecurityMiddleware',
     'djconfig.middleware.DjConfigMiddleware',
-)
+]
 
 ROOT_URLCONF = 'cof.urls'
 
@@ -89,17 +95,12 @@ TEMPLATES = [
     },
 ]
 
-# WSGI_APPLICATION = 'cof.wsgi.application'
-
-# Database
-# https://docs.djangoproject.com/en/1.8/ref/settings/#databases
-
 DATABASES = {
     'default': {
         'ENGINE': 'django.db.backends.mysql',
-        'NAME': os.environ['DBNAME'],
-        'USER': os.environ['DBUSER'],
-        'PASSWORD': os.environ['DBPASSWD'],
+        'NAME': DBNAME,
+        'USER': DBUSER,
+        'PASSWORD': DBPASSWD,
         'HOST': os.environ.get('DBHOST', 'localhost'),
     }
 }
@@ -118,19 +119,6 @@ USE_L10N = True
 
 USE_TZ = True
 
-
-# Static files (CSS, JavaScript, Images)
-# https://docs.djangoproject.com/en/1.8/howto/static-files/
-
-STATIC_URL = '/static/'
-STATIC_ROOT = '/var/www/static/'
-
-# Media upload (through ImageField, SiteField)
-# https://docs.djangoproject.com/en/1.9/ref/models/fields/
-
-MEDIA_ROOT = os.path.join(BASE_DIR, 'media/')
-MEDIA_URL = '/media/'
-
 # Various additional settings
 SITE_ID = 1
 
@@ -163,12 +151,6 @@ AUTHENTICATION_BACKENDS = (
     'kfet.backends.GenericTeamBackend',
 )
 
-# LDAP_SERVER_URL = 'ldaps://ldap.spi.ens.fr:636'
-
-# EMAIL_HOST="nef.ens.fr"
-
-RECAPTCHA_PUBLIC_KEY = "DUMMY"
-RECAPTCHA_PRIVATE_KEY = "DUMMY"
 RECAPTCHA_USE_SSL = True
 
 # Channels settings
@@ -183,22 +165,4 @@ CHANNEL_LAYERS = {
     }
 }
 
-
-def show_toolbar(request):
-    """
-    On ne veut pas la vérification de INTERNAL_IPS faite par la debug-toolbar
-    car cela interfère avec l'utilisation de Vagrant. En effet, l'adresse de la
-    machine physique n'est pas forcément connue, et peut difficilement être
-    mise dans les INTERNAL_IPS.
-    """
-    if not DEBUG:
-        return False
-    if request.is_ajax():
-        return False
-    return True
-
-DEBUG_TOOLBAR_CONFIG = {
-    'SHOW_TOOLBAR_CALLBACK': show_toolbar,
-}
-
 FORMAT_MODULE_PATH = 'cof.locale'
diff --git a/cof/settings/dev.py b/cof/settings/dev.py
new file mode 100644
index 00000000..6272e6d9
--- /dev/null
+++ b/cof/settings/dev.py
@@ -0,0 +1,51 @@
+"""
+Django development settings for the cof project.
+The settings that are not listed here are imported from .common
+"""
+
+import os
+
+from .common import *
+
+
+EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
+
+DEBUG = True
+
+
+# ---
+# Apache static/media config
+# ---
+
+STATIC_URL = '/static/'
+STATIC_ROOT = '/var/www/static/'
+
+MEDIA_ROOT = os.path.join(BASE_DIR, 'media/')
+MEDIA_URL = '/media/'
+
+
+# ---
+# Debug tool bar
+# ---
+
+def show_toolbar(request):
+    """
+    On ne veut pas la vérification de INTERNAL_IPS faite par la debug-toolbar
+    car cela interfère avec l'utilisation de Vagrant. En effet, l'adresse de la
+    machine physique n'est pas forcément connue, et peut difficilement être
+    mise dans les INTERNAL_IPS.
+    """
+    if not DEBUG:
+        return False
+    if request.is_ajax():
+        return False
+    return True
+
+INSTALLED_APPS += ["debug_toolbar"]
+MIDDLEWARE_CLASSES = (
+    ["debug_toolbar.middleware.DebugToolbarMiddleware"]
+    + MIDDLEWARE_CLASSES
+)
+DEBUG_TOOLBAR_CONFIG = {
+    'SHOW_TOOLBAR_CALLBACK': show_toolbar,
+}
diff --git a/cof/settings/prod.py b/cof/settings/prod.py
new file mode 100644
index 00000000..5fae5651
--- /dev/null
+++ b/cof/settings/prod.py
@@ -0,0 +1,26 @@
+"""
+Django development settings for the cof project.
+The settings that are not listed here are imported from .common
+"""
+
+import os
+
+from .common import *
+
+
+DEBUG = False
+
+ALLOWED_HOSTS = [
+    "cof.ens.fr",
+    "www.cof.ens.fr",
+    "dev.cof.ens.fr"
+]
+
+STATIC_ROOT = os.path.join(os.path.dirname(BASE_DIR), "static")
+STATIC_URL = "/gestion/static/"
+MEDIA_ROOT = os.path.join(os.path.dirname(BASE_DIR), "media")
+MEDIA_URL = "/gestion/media/"
+
+LDAP_SERVER_URL = "ldaps://ldap.spi.ens.fr:636"
+
+EMAIL_HOST = "nef.ens.fr"
diff --git a/cof/settings/secret_example.py b/cof/settings/secret_example.py
new file mode 100644
index 00000000..36a8e932
--- /dev/null
+++ b/cof/settings/secret_example.py
@@ -0,0 +1,4 @@
+SECRET_KEY = 'q()(zn4m63i%5cp4)f+ww4-28_w+ly3q9=6imw2ciu&_(5_4ah'
+RECAPTCHA_PUBLIC_KEY = "DUMMY"
+RECAPTCHA_PRIVATE_KEY = "DUMMY"
+ADMINS = None
diff --git a/provisioning/bootstrap.sh b/provisioning/bootstrap.sh
index 269e4f25..c8f73ab6 100644
--- a/provisioning/bootstrap.sh
+++ b/provisioning/bootstrap.sh
@@ -36,7 +36,7 @@ chown -R ubuntu:www-data /var/www/static
 # Mise en place du .bash_profile pour tout configurer lors du `vagrant ssh`
 cat >> ~ubuntu/.bashrc <<EOF
 # On utilise la version de développement de GestioCOF
-export DJANGO_SETTINGS_MODULE='cof.settings_dev'
+export DJANGO_SETTINGS_MODULE='cof.settings.dev'
 
 # Identifiants MySQL
 export DBUSER="$DBUSER"
@@ -61,8 +61,11 @@ sudo -H -u ubuntu python3 -m venv ~ubuntu/venv
 sudo -H -u ubuntu ~ubuntu/venv/bin/pip install -U pip
 sudo -H -u ubuntu ~ubuntu/venv/bin/pip install -r requirements.txt -r requirements-devel.txt
 
+# Installation des secrets
+sudo -H -u ubuntu cp cof/settings/secret_example.py cof/settings/secret.py
+
 # Préparation de Django
-sudo -H -u ubuntu DJANGO_SETTINGS_MODULE='cof.settings_dev' DBUSER=$DBUSER DBNAME=$DBNAME DBPASSWD=$DBPASSWD bash provisioning/prepare_django.sh
+sudo -H -u ubuntu DJANGO_SETTINGS_MODULE='cof.settings.dev' DBUSER=$DBUSER DBNAME=$DBNAME DBPASSWD=$DBPASSWD bash provisioning/prepare_django.sh
 
 # Installation du cron pour les mails de rappels
 sudo -H -u ubuntu crontab provisioning/cron.dev
diff --git a/provisioning/cron.dev b/provisioning/cron.dev
index 6cd2ca81..0dab871f 100644
--- a/provisioning/cron.dev
+++ b/provisioning/cron.dev
@@ -1,5 +1,5 @@
 # On utilise la version de développement de GestioCOF
-DJANGO_SETTINGS_MODULE='cof.settings_dev'
+DJANGO_SETTINGS_MODULE='cof.settings.dev'
 
 # Identifiants MySQL
 DBUSER="cof_gestion"
diff --git a/provisioning/supervisor.conf b/provisioning/supervisor.conf
index c806a13d..5fe3c22b 100644
--- a/provisioning/supervisor.conf
+++ b/provisioning/supervisor.conf
@@ -2,7 +2,7 @@
 command=/home/ubuntu/venv/bin/python /vagrant/manage.py runworker
 directory=/vagrant/
 user=ubuntu
-environment=DBUSER={DBUSER},DBNAME={DBNAME},DBPASSWD={DBPASSWD},DJANGO_SETTINGS_MODULE="cof.settings_dev"
+environment=DBUSER={DBUSER},DBNAME={DBNAME},DBPASSWD={DBPASSWD},DJANGO_SETTINGS_MODULE="cof.settings.dev"
 autostart=true
 autorestart=true
 redirect_stderr=true
@@ -11,7 +11,7 @@ redirect_stderr=true
 
 [program:interface]
 command=/home/ubuntu/venv/bin/daphne -b 127.0.0.1 -p 8001 cof.asgi:channel_layer
-environment=DBUSER={DBUSER},DBNAME={DBNAME},DBPASSWD={DBPASSWD},DJANGO_SETTINGS_MODULE="cof.settings_dev"
+environment=DBUSER={DBUSER},DBNAME={DBNAME},DBPASSWD={DBPASSWD},DJANGO_SETTINGS_MODULE="cof.settings.dev"
 directory=/vagrant/
 redirect_stderr=true
 autostart=true