Today's feature is a non-user facing feature: allowing tanzawa to be configured using a .env file via django-environ. Beyond letting me keep production settings / paths / secret keys out of git or keeping a separate for production, it also let me enable secure session cookies. Secure cookies with some apache/nginx configuration allows the url generated when you upload an image use https instead of http, which keeps the padlock in your browser locked.